SIEM REQUEST FOR PROPOSAL

REQUEST FOR PROPOSAL
Security Information and Event Management System
(SIEM Project)
RFP # 5634-12
SUBMITTAL DUE DATE
Friday, April 13, 2012
2:00 p.m. MST
BOULDER COUNTY PURCHASING
2025 14TH STREET
BOULDER CO 80302
Purchasing@bouldercounty.org
CONTENTS
Section 1: Introduction
  Purpose and Scope
  RFP Submission
  Americans with Disabilities Act (ADA)
  Terms and Conditions for Request for Proposal
Section 2: Response Format and Contents
  Title Page
  Vendor Overview
  References
  General Submission Requirements
  Signature Page
Section 3: Evaluation Overview
  RFP Timeline
  Vendor Evaluation Process and Criteria
  Compensation
  Commitments
  RFP Revisions
Section 4: Evaluation Phases
  Phase I – RFP & Responses
  Phase II. - Training and software / service evaluations
  Phase III. Final Letters of Qualification (optional)
  Phase IV: Contract Award and Execution
Section 5: Company Information and Financials
Section 6: Current Environment
  Summary Biography of Boulder County
  Summary of the Current Environment
  Key Deficiencies
Section 7: Functional Requirements
Section 8: Information Technology (IT) Requirements & Information Requests
  Table 8.1 Information Technology Requirements
  Table 8.2.1. General Technology Information Request
  Table 8.2.2 - Boulder County Hosted Solution Information Request
  Table 8.2.3 - Services Oriented Architecture (SOA) Information Request
  Table 8.2.4 Software Release Process Information Request
  Table 8.2.5. System Support, Warranty & Maintenance Information Request
  Table 8.2.6. Application Security Management Information Request
Section 9: Implementation Strategy
  Table 9.1 Implementation Strategy Information Request
Section 1: Introduction
Purpose and Scope
The purpose of this Request for Proposal (RFP) is to solicit proposals from vendors for a
Security Information and Event Management System (SIEM) solution, its required
components and services, for Boulder County, in the State of Colorado. General Information
about Boulder County can be found on our website at www.bouldercounty.org.
The county has hundreds of devices that have local event logging. These systems do not have
an all-encompassing automatic alerting system that can warn of potential security, hardware, or
software threats and errors. A Security Information and Event Management (SIEM) product
would allow us to build a platform that can gather all of these logs in one place to perform
various tasks such as trend analyses, problem solving and alerting.
This product will save us time that is spent logging onto hundreds of individual resources for
routine maintenance and troubleshooting. It will alert us to potential threats and issues which will
allow us to be more proactive rather than reactive. A redundant appliance that can support our
needs is desired.
Boulder County Commissioners spearhead special initiatives to improve public service and the
quality of life in Boulder County. One of the priority initiatives is Environmental Sustainability
with the mission of this initiative being to ensure that Boulder County's operations and
decision-making processes reflect our deep commitment to environmental sustainability and to build
partnerships to help make the broader community more sustainable. The Boulder County
Commissioners adopted two resolutions in 2005 committing the County to energy and resource
conservation, waste reduction, pollution prevention and other sustainable practices. Boulder
County is interested in supporting its Environmental Sustainability mission when making
information technology decisions and purchases.
RFP Submission
Inquiries and questions regarding the proposal document, scope of services, or the terms and
conditions shall be submitted via e-mail to purchasing@bouldercounty.org by 4:00 p.m.,
Friday, March 30, 2012. Please include this RFP # in the subject line. All responses from the
County to all inquiries shall be sent via email no later than close of business, Friday, April 6,
2012.
Submittal Instructions:
Submittals are due at the Administrative Services Reception Desk or the email box (preferred) listed below, for
time and date recording on or before 2:00 p.m. MST on Friday, April 13th, 2012.
Your response can be submitted in the following ways. Please note that e-mail responses to this
solicitation are preferred, but are limited to a maximum of 25MB capacity. Electronic Submittals must
be received in the e-mail box listed below. Submittals sent to any other box will NOT be forwarded or
accepted. This e-mail box is only accessed on the due date of your questions or proposals. Please use
the Delivery Receipt option to verify receipt of your email.
E-Mail
purchasing@bouldercounty.org; identified as RFP # 5634-12 in the subject
line.
-OR-
US Mail
Two (2) unbound copies of your submittal, printed double-sided, 11 point, on at least 50%
post-consumer, recycled paper must be submitted in a sealed envelope, clearly marked as RFP #
5634-12, to the Administrative Services Reception Desk at 2025 14th Street, Boulder, CO
80302. Please allow at least 2 days for delivery of USPS Priority and Express Mail.
All RFPs must be received and time and date recorded by authorized county staff by the above due date and
time. Sole responsibility rests with the Offeror to see that their RFP response is received on time at the stated
location(s). Any responses received after due date and time will be returned to the offeror.
The Board of County Commissioners reserves the right to reject any and all responses, to waive any
informalities or irregularities therein, and to accept the proposal that, in the opinion of the Board, is in the best
interest of the Board and of the County of Boulder, State of Colorado.
Americans with Disabilities Act (ADA)
If you need special services provided for under the Americans with Disabilities Act, contact the
ADA Coordinator or the Human Resources office at 303-441-3525 at least 48 hours before the
scheduled event.
Terms and Conditions for Request for Proposal

Proposers are expected to examine the specifications, schedule of delivery, and all
instructions. Failure to do so will be at the proposer’s risk.

Each proposer shall furnish the information required in the RFP.

The Contract/Purchase Order will be awarded to that responsible proposer whose submittal,
conforming to the Request for Proposals, will be most advantageous to the County of
Boulder, price and other factors considered.

The Boulder County Office of Purchasing reserves the right to reject any or all proposals
and to waive informalities and minor irregularities in proposals received, and to accept any
portion of or all items proposed if deemed in the best interest of the County of Boulder to do
so.

No submittal shall be withdrawn for a period of thirty (30) days subsequent to the opening of
proposals without the consent of the County Purchasing Agent or delegated representative.

A signed purchase order or contract furnished to the successful proposer results in a binding
contract without further action by either party.

Late or unsigned proposals will not be accepted or considered. It is the responsibility of
the proposer to ensure that the proposal arrives in the office of the County Purchasing Agent
prior to the time indicated in the "Request for Proposals."

The proposed price shall be exclusive of any Federal or State taxes from which the County
of Boulder is exempt by law.

Any interpretation, correction or change of the Proposal Documents will be made by
Addendum. Interpretations, corrections and changes of the Proposal Documents made in
any other manner will not be binding, and Proposer shall not rely upon such interpretations,
corrections and changes. The County's Representative will not be responsible for oral
clarification.

Confidential / Proprietary Information: Proposals submitted in response to this RFP and any
resulting contract are subject to the provisions of the Colorado Public (Open) Records Act,
24-72-201 et seq., C.R.S., as amended. Any restrictions on the use or inspection of material
contained within the proposal and any resulting contract shall be clearly stated in the
proposal itself. Confidential/proprietary information must be readily identified, marked
and separated/packaged from the rest of the proposal. Co-mingling of confidential /
proprietary and other information is NOT acceptable. Neither a proposal, in its entirety,
nor proposal price information will be considered confidential / proprietary. Any information
that will be included in any resulting contract cannot be considered confidential.
Section 2: Response Format and Contents
Organize proposals in separately tabbed sections with labels that correspond to the sections
described in the following pages of this RFP and in the General Submission Format sub-section.

Number each page of your submission consecutively.

Provide a concise response to each point.

Wherever a table is provided, please title your section tab to match the RFP section in
which the table appears.

Use the table format for your responses, and maintain the sequence and reference
numbers in the table.
If you have any submission format questions, please contact purchasing@bouldercounty.org.
Title Page

Title page (no initial tabbed divider)

Customer name & Boulder County RFP Number

Vendor name, address, telephone number and email

RFP Contact’s name, signature, title, email and date
Vendor Overview
Provide a maximum three-paragraph description for each item listed below. This information is
intended to be a general overview. You should highlight qualifications of your company, years
in business and the reasons your product, services and company are best suited to meet the
Boulder County requirements.

Company

Historical Background

Financial Status
References
Please provide at least three (3) and no more than five (5) references that match the following
criteria:

Public sector customers inclusive of Public Safety and Transportation organizations, i.e.
State, County or large metropolitan area governments

Customers using the solution and version(s) proposed for Boulder County
Provide the principal contact name and telephone number, as well as the other information
requested in the following table.
| # | Reference’s Organization name | Contact Name and Email address | City, County, State and Phone Number | System(s) name and version, Number of Sites, Number of Employees |
|---|---|---|---|---|
| 1. | | | | |
| 2. | | | | |
| 3. | | | | |
| 4. | | | | |
| 5. | | | | |
General Submission Requirements
Please include the following information in your submission, identified and in the order listed below:
1. Vendor Contact Information
a. Company Name, Address, Phone Number and Contact Information.
b. Name of contact person(s) for contract administration and technical liaison
c. Indicate your company’s hours of business, off-hours contact and availability.
d. Suggest appropriate processes for ongoing communications between Vendor and
Boulder County (e.g. email, website, phone, etc.)
2. Detailed Project Schedule, with major deliverables, including but not limited to:
a. Project plan and schedule with critical path identified
b. Gap analysis
c. Resource allocations
d. Solution Acceptance Criteria
e. Product installation
f. Training
g. Data Conversion - historical and current system data
h. Add-ons or customizations
i. Interfaces
j. User and Parallel system acceptance certification
k. Final production cutover
3. Documentation / Manuals: Provide electronic copies of the technical and user documentation
with your response to the RFP (e.g. CD, DVD, Website link, etc.).
4. Detailed Cost Schedules: Provide detailed, itemized unit and total costs for each component
and service proposed, indicating as appropriate optional and required components and
services, including:
a. Recommended hardware specifications, itemized, to meet Boulder County’s
requirements
b. Recommended software, itemized, to meet Boulder County’s requirements and including
any 3rd party software license fees
c. If managed services or software-as-a-service is proposed, provide appropriate costs,
sized and itemized, to meet Boulder County’s requirements.
d. Where appropriate, please provide any tiered costing alternatives, e.g. per transaction,
per employee, per class, etc.
e. Project Management, e.g. Hourly, monthly or fixed rate, number of estimated hours /
months to complete project
f. Software development services, e.g. Hourly, monthly or fixed rate, number of estimated
hours / months to complete project
g. On-site training, e.g. Hourly or class rate, number of estimated hours to complete
project, recommended class size
h. Provide a 3-year post-implementation cost schedule for support, maintenance and
upgrades (including any 3rd party licensing fees)
5. Contract / license agreement: Submit a copy of any contract / license agreement you will
require to be executed at time of award.
6. Non-disclosure Agreements: Submit a copy of any non-disclosure contracts you would
require to be executed as part of the evaluation process.
7. Staff Qualifications: Describe the qualifications and experience of the staff who would be
assigned to the Boulder County’s implementation. Provide an electronic copy of resumes for
your project manager and technical leads.
8. Customization: While it is Boulder County’s intention to avoid customization of 3rd party
software, please describe your process for defining specifications and for pricing customization
work orders – both during implementation and as a post-implementation support change
request. Please also provide your current pricing / rate structure for custom development.
9. Vendor Corporate and Financial Information: Complete and submit information in the table
format provided in Section 5 of this RFP.
10. Functional Requirements self-ratings and information: Complete and submit information in
the table format provided in Section 7 of this RFP.
11. Technical Requirements self-ratings and information: Complete and submit information in
the table format provided in Section 8 of this RFP.
12. Implementation Strategy information: Complete and submit information in the table format
provided in Section 9 of this RFP.
Signature Page
SIEM Project
RFP # 5634-12
Failure to complete, sign and return this submittal page with your proposal may be cause for
rejection.
| Contact Information | Response |
|---|---|
| Company Name | |
| Name and Title of Primary Contact Person | |
| Company Address | |
| Phone Number | |
| Email Address | |
| Company Website | |
I certify that I am authorized to bid on my company’s behalf and that I am not currently an employee of Boulder
County and to the best of my knowledge, none of my employees or agents are currently employees of Boulder
County. I also certify that I am not related to any Boulder County employee or Elected Official.
___________________________________________________
*Signature of Person Authorized to Bid on
Company’s Behalf
_________________
Date
Note: If you cannot certify the above statements, please explain in the space provided below.
Section 3: Evaluation Overview
RFP Timeline
An approximate schedule for vendor evaluation and selection is as follows:
| # | Milestone | Target End Date |
|---|---|---|
| 1. | Vendors submit RFP Questions to Boulder County (as needed) | 3/30/2012 |
| 2. | County Responses to RFP Questions released to Vendors (as needed) | 4/6/2012 |
| 3. | Vendor Proposal due to Boulder County | 4/13/2012 |
| 4. | Interviews with Short Listed Firms | 4/20/2011 (Estimated) |
| 5. | Submit solution recommendation to Board of County Commissioners for approval | 4/27/2011 (Estimated) |
| 6. | Award Contract | TBD |
Vendor Evaluation Process and Criteria
The evaluators will consider how well the vendor’s proposed solution meets the needs of
Boulder County as described in the vendor’s response to the requirements and requests for
information. The responses should be clear, concise and complete so that the evaluators can
adequately understand all aspects of the proposal in a succinct fashion.
The following elements will be the primary considerations in evaluating submitted proposals and
selecting a Vendor:
1. The extent to which Vendor’s proposed solution fulfills Boulder County’s stated
requirements as set out in this RFP.
2. An assessment of the Vendor’s ability to deliver the indicated service in accordance
with the specifications set out in this RFP.
3. The Vendor’s stability, experiences, and record of past performance in delivering such
services.
4. Availability of sufficient high quality Vendor personnel with the skills and experience for
the specific approach proposed.
5. Overall cost of Vendor’s proposal.
This RFP provides general and technical information as well as the required format for
responses. Your submitted response will be a primary source of information used for system
evaluation and selection. Please include all required and appropriate information with your
proposal. No other source of information submitted, written or verbal will be considered part of
your proposal.
Compensation
No payment of any kind will be provided to the submitting vendor, or parties they represent, for
obtaining any of the information solicited. Procurement of all equipment and services will be in
accordance with subsequent contractual action.
Commitments
All quotes should be submitted initially on the most complete basis and with the most favorable
financial terms available. The selected vendor’s proposal may, at Boulder County’s option, be
made part of the final purchase contract and all representations in the vendor’s proposal
may be considered commitments to supply the system as described.
RFP Revisions
Boulder County reserves the right to change the schedule or issue amendments to the RFP at
any time. Boulder County also reserves the right to cancel or reissue the RFP at any time.
Amendments or a notice of cancellation will be posted to Boulder County’s service provider’s
web site - Rocky Mountain E Purchasing System (RMEPS) by BidNet. It is the sole
responsibility of the respondent to monitor the same web site for the posting of such information.
Section 4: Evaluation Phases
Phase I – RFP & Responses
Completed RFP documentation must be received by Boulder County as described in the
preceding pages.
Phase II. - Training and software / service evaluations
The top vendors responding to the RFP will be asked to participate in Phase II. The goals of
this phase are to:
o Allow Boulder County to determine whether our business processing and rules will need
to change in order to use your system and understand how data flows through your
application and integrates with our other systems.
o Allow Boulder County Information Technology staff to understand how the application
and/or equipment functions in the proposed operating environment, including
performance and support processes.
o Give the vendor a better understanding of Boulder County’s business practices and
business rules.
o Provide insight into the implementation requirements.
Note: The vendor is responsible for all expenses related to Phase II.
Phase III. Final Letters of Qualification (optional)
As needed, Boulder County will send each vendor, satisfactorily meeting the requirements of
Phase II, an individual final letter of qualification which will ask for responses to questions,
deficiencies and or gaps coming out of the first two phases. Our final letters of qualification will
be unique to each vendor and will address only those specifications and requirements that are
missing or need further clarification.
Phase IV: Contract Award and Execution

Boulder County reserves the right to make an award without further discussion of the
proposal submitted. Therefore, the proposal should be initially submitted on the most
favorable terms the vendors can offer. It is understood that the proposal will become a part
of the official file on this matter without obligation to Boulder County.

The general conditions and specifications of the RFP and the successful vendor’s response,
as amended by agreement between Boulder County and the vendor, will become part of the
contract documents. Additionally, the County will verify vendor representations that appear
in the proposal. Failure of the vendor’s products to meet the mandatory specifications may
result in elimination of the vendor from competition or in contract cancellation or termination.

The vendor selected as the apparently successful vendor will be expected to enter into a
contract with Boulder County including terms similar to those presented in the copy of
Boulder County’s Standard Contract, shown in Attachment -1. If the selected vendor fails
to sign and return the contract within ten (10) business days of delivery of the final contract,
Boulder County may elect to cancel the award and award the contract to the
next-highest-ranked vendor.

No cost chargeable to the proposed contract may be incurred before the vendor has
received a fully executed contract.

Boulder County will not reimburse the contractor for non-business hour work (weekends and
evenings), travel, lodging, meals or other business costs. Ensure these costs are included in
your RFP response.
Section 5: Company Information and Financials
Please provide the company and financial information requested here. Submit your responses
using the following table.
Also, please include a copy of your last 3 years of audited financial statements with your
submission.
| Ref # | Information Request | Vendor Response |
|---|---|---|
| 1. | Describe your company’s corporate structure, e.g. public, private, governance, etc. | |
| 2. | How many employees in your company are: Full-time? Part-time? Contract? | |
| 3. | What is your company’s annual sales revenue and net income (loss) for the past 5 years? What percentage of each year’s sales revenue comes from customers using the solution proposed in this response? | |
| 4. | For the past 5 years what percentage of your company’s revenue has been invested in Research and Development (R&D) for the solution proposed in this response? | |
| 5. | Describe your target customer market for the solution you propose. | |
| 6. | How long has the SIEM system and version you are proposing been released (years / months)? | |
| 7. | How many customers do you have using the SIEM solution proposed in your response? | |
| 8. | Have you implemented the proposed solution for any Colorado public sector clients? If yes, please provide a list of your Colorado implementations. | |
| 9. | What is the average size of the customers using the SIEM solution proposed in your response: Employee count? Desktop count? Server count? | |
| 10. | Are there any outstanding lawsuits against your company? If so, please describe and explain what impact an unfavorable outcome would have on the company. | |
| 11. | Is your company currently involved in any discussions or negotiations to be acquired by another firm? If yes, please describe the status of the discussions / negotiations. If your company is actively engaged in being acquired, please describe the targeted timeframes related to the acquisition. | |
Section 6: Current Environment
Summary Biography of Boulder County
Boulder County is the sixth largest in population of the 64 counties in the state of Colorado. As
of 2009, Boulder County’s population was estimated to be over 303,000 according to the U.S.
Census Bureau. Located in the north-central part of Colorado, northwest of Denver, Boulder
County is large and diverse with both rural and urban settings.
The County encompasses 741 square miles and is situated on the eastern slope of the Rocky
Mountains. The University of Colorado at Boulder, the National Oceanic and Atmospheric
Administration and numerous scientific, research and recreational facilities are among the
attributes of the County.
Boulder County has multiple office locations with major county centers in Boulder, Longmont,
Louisville and Lafayette. The County is divided into three individual districts each represented
by a commissioner elected county-wide. The three County Commissioners are full-time public
servants who oversee the management of the County departments and the daily operations of
the county.
The Boulder County departments and elected offices include the following:
Administrative Services
Assessor’s Office
Clerk & Recorder’s Office
Commissioners’ Office
Community Services
Coroner’s Office
County Attorney
District Attorney’s Office
Housing & Human Services
Land Use
Parks & Open Space
Public Health
Public Trustees
Sheriff’s Office
Surveyor
Transportation
Treasurer’s Office
Additional information about these departments can be found on the Boulder County website at:
http://www.bouldercounty.org/government/dept/pages/default.aspx
Summary of the Current Environment
| Device Type | Product Name/Model | Version or Model | Collection Method (e.g. Syslog, Event Log, etc.) | Quantity | Est. Daily Volume – LPD**** |
|---|---|---|---|---|---|
| Windows Server | Windows | 2008 | Windows Event Log | 250 | 2,500,000 |
| Windows Server | Windows | 2000/2003 | Windows Event Log | 50 | 500,000 |
| Windows Domain Controller | Windows | 2008 | Windows Event Log | 4 | 800,000 |
| *NIX Server | Other | RHEL 5 | Syslog | 6 | 60,000 |
| *NIX Server | CentOS Linux Server | 5.6 | Syslog | 6 | 60,000 |
| Email | Exchange | 0 | Windows Event Log | 6 | 450,000 |
| Email | Sendmail | 0 | Syslog | 3 | 225,000 |
| Database | Microsoft SQL | 0 | Database (ODBC) | 32 | 2,400,000 |
| Database | Oracle 10g | 0 | Database (ODBC) | 16 | 1,200,000 |
| Database | Other | 0 | Flat File (ASCII) | 5 | 375,000 |
| Web Server | Microsoft IIS | 0 | Flat File (ASCII) | 10 | 750,000 |
| Web Server | Apache Tomcat | 0 | Flat File (ASCII) | 2 | 150,000 |
| Proxy*** | ModSecurity*** | 0 | Flat File (ASCII) | 1 | 125,000 |
| Antivirus/Security Application | TrendMicro OfficeScan | 0 | Syslog | 5 | 250,000 |
| Firewall** | Checkpoint | 0 | Checkpoint (OPSEC LEA) | 3 | 6,000,000 |
| Firewall** | Checkpoint | 0 | Checkpoint (OPSEC LEA) | 12 | 24,000,000 |
| Router | Cisco Router | 0 | Syslog | 40 | 200,000 |
| Switch | Cisco | 0 | Syslog | 85 | 425,000 |
| IDS/IPS | Snort | 0 | Syslog | 1 | 125,000 |
| VPN Appliance | Other | CheckPoint | Syslog | 1 | 50,000 |
| Est. Total | | | | | 40,645,000 |
*Estimated Log Volume. Actual volumes may vary.
**50% Log Deduplication rate assumed. Actual rates may vary.
***Parsing rules do not currently exist for device. Log Samples may be submitted for rule
development.
**** LPD = Lines per day
Key Deficiencies
Our primary objective in creating a SIEM system is to have an automatic alerting system that
can warn of potential security, hardware, or software threats and errors, where none exists
today.
Section 7: Functional Requirements
The scope of the functional requirements described in this RFP includes the following subject
areas:
| Functional Requirements | Table |
|---|---|
| Log Data Collection and Log Management | Table 7.1 |
| Cross platform log Collections | Table 7.2 |
| Flat file log collection | Table 7.3 |
| System Log collection | Table 7.4 |
| Feature Set | Table 7.5 |
| Optional Feature Set | Table 7.6 |
The following pages describe Boulder County’s functional requirements for the solution
desired. The vendor will use the following values to self-rate how its solution meets Boulder
County’s requirements (see Vendor Self-Rating column).
| Vendor Self-Rating | Definition |
|---|---|
| 4 | Feature is delivered as standard functionality in the proposed version of the solution and can be demonstrated by the vendor. |
| 3 | Feature is not currently included but will be available in a future release. Please indicate release date or time frame (e.g., 12 months). |
| 2 | Not included. Vendor provides customization at an additional cost. |
| 1 | Feature is provided by a third party partnering arrangement. Indicate any preferred partner agreements. |
| 0 | Requirement cannot be met. |
In addition to self-rating each requirement, the vendor may provide additional comments to
elaborate on the rating, for example, how the requirement is met by the vendor’s proposed
solution or a recommended change or work-around to the requirement.
Table 7.1 - Log Data Collection and Log Management Requirements
The solution shall have comprehensive log data collection and log management as follows:
1. The ability to collect any type of log data regardless of source.
2. The ability to collect log data with or without installing an agent on the log source device, system or application.
3. The ability to "normalize" any type of log data for more effective reporting and analysis.
4. The ability to "scale-down" or "scale-up" dependent upon the environment.
5. An open architecture allowing direct and secure access to log data via third-party analysis and reporting tools.
6. A role based security model providing user accountability and access control.
7. Automated configurable archiving for secure long term retention of data and events.
8. Wizard-based retrieval of any archived logs instantly.
Table 7.2 - Cross-Platform Log Collection Requirements
The solution shall be capable of performing cross-platform Log Collection for the following:
9. Microsoft Windows® System Event Log.
10. Microsoft Windows® Security Event Log.
11. Microsoft Windows® application Event Log.
12. Microsoft Exchange Server® application logs.
13. Microsoft SQL Server® application logs.
14. Microsoft Windows® based ERP and CRM system application logs.
15. Microsoft SharePoint logs.
Table 7.3 - Flat File Log Collection Requirements
The solution shall be capable of performing log collection for Flat File Logs, including the following:
16. Web server logs (e.g. Apache, IIS).
17. Linux system logs.
18. Microsoft Windows® ISA server logs.
19. DNS and DHCP server logs (including Windows and BIND on RedHat).
20. Host based intrusion detection/prevention systems.
21. Homegrown application logs.
22. Microsoft Exchange Server® message tracking logs.
Table 7.4 - Syslog Collection Requirements
The solution shall perform cross platform collections of all Syslogs.
23. Microsoft Windows® servers.
24. Microsoft Windows® desktop operating systems.
25. Networking appliances (Cisco switches and routers).
26. Linux servers (including BIND on RedHat).
Table 7.5 - Feature Set Requirements
The solution shall have the following features.
27. Agent-less and Agent-based collection.
28. Scalable and possess log centralization.
29. Allow authorized users to record and maintain position descriptions / definitions.
30. Log archiving and retrieval.
31. Activity auditing, including activities of firewalls, Web Application Firewalls (WAFs), and Intrusion Detection Firewalls (IDF) and Systems (IDS).
32. The ability to alert for specific events from collected logs.
Table 7.6 – Optional Feature Set Requirements
The solution shall, at the discretion of the vendor, have the following
features.
33. Ability to collect logs from UPS devices.
Section 8: Information Technology (IT) Requirements & Information Requests
This section includes specific information technology requirements for our SIEM solution.
Following the information technology requirements is a sub-section of technology information requests.
Sections 8 & 9 Tables
Table 8.1: Information Technology Requirements (TR)
Table 8.2.1: General Technology Information Request (GT)
Table 8.2.2: Hosted Solution Information Request (HO)
Table 8.2.3: Services Oriented Architecture Information Request (SOA)
Table 8.2.4: Software Release Process Information Request (SR)
Table 8.2.5: System Support, Warranty and Maintenance Information Request (MA)
Table 8.2.6: Application Security Management Information Request
Table 9.1: Implementation Strategy Information Request (IS)
8.1 Information Technology Requirements & Requests
The following pages describe Boulder County’s information technology requirements for the proposed solution. The vendor should
use the following values to self-rate its solution’s match with each requirement (see Vendor Self-Rating column).
Rating: Meaning
4: Requirement is standard feature or service in the proposed solution and can be demonstrated by the vendor.
3: Feature is not currently included but will be available in a future release. Please indicate release date or time frame (e.g., mm/yyyy or in ‘nn’ months).
1: Feature is provided by a third party partnering arrangement. Indicate any preferred partner agreements.
0: Requirement cannot be met.
In addition to self-rating each requirement, the vendor may provide additional comments to elaborate on the rating, how the
requirement is met by the vendor’s proposed solution or recommended alternatives to the requirement.
Table 8.1 Information Technology Requirements
TR 1. The vendor will staff the following implementation roles and operational roles as appropriate to the proposed solution:
Project management
Database administration
System administration
Application administration
Software development
Data conversion
Testing lead
Testing Analyst
TR 2. During Implementation, the Vendor will provide a weekly progress report that includes, but is not limited to, the following information:
• Progress against plan Milestones
• Accomplishments current period (major activities/milestones)
• Plans for next period (major activities/milestones)
• Summary of risks and mitigation activities, especially those with schedule, resource and / or cost implications
• Summary of issues, impacts and resolution strategy, especially those with schedule, resource and / or cost implications
• Change Management Activity
TR 3. The Vendor will provide system administration documentation for IT.
TR 4. The proposed solution is compatible with IE browsers.
TR 5. The solution does not rely on proprietary components, e.g. database, reporting tools or other components that are not readily available as commercial off-the-shelf software.
TR 6. The solution uses Active Directory (or LDAP) for authentication, version 2008-R2.
TR 7. If the solution does not provide for single sign-on via Active Directory (or LDAP), the solution allows for configurable password characteristics including minimum length, type of characters permissible, length of time before the password must be changed, password re-use restrictions - compliant with Boulder County Information Technology policy.
TR 8. If the solution does not provide for single sign-on via Active Directory (or LDAP), each user will be assigned a unique user ID, although users may have multiple roles; no shared logins.
TR 9. The solution allows the application server to be time-synchronized to a known source, e.g. NTP, NIST.
TR 10. The solution allows automated, scheduled backup, archiving and recovery processes.
TR 11. For a software-as-a-service solution, the vendor will contractually commit to compliance with federal, state and Boulder County data privacy regulations and policies.
8.2 Technology Information Requests
The following pages detail our requests for information for technology-related features that are important to our evaluation of
your proposed solution. These requests for information are organized in the following sections:
1. General Technology
2. Software as a Service Solution
3. Boulder County Hosted Solution
4. Services Oriented Architecture (SOA)
5. Software Release Process
6. System Support, Maintenance and Warranty
7. Security Management
Table 8.2.1. General Technology Information Request
GT-1: Define your system architecture, as well as hardware and other software requirements; provide a schematic diagram of the proposed system architecture, including a test environment configuration.
GT-2: What network operating systems are supported?
GT-3: Is your solution fully 32 or 64 bit compliant? Please explain.
GT-4: What internet browsers and versions are supported?
GT-5: Describe your security architecture, including any significant failures, breaches or issues encountered in the last three years.
GT-6: Do users need administrative rights on the client machines to install any of your solution components? If so, please elaborate.
GT-7: What are the network bandwidth requirements for your proposed solution, e.g. site-to-site, etc.?
GT-8: What are the vendor-recommended client machine requirements, including hardware specifications, operating software and other third party components?
GT-9: Detail the application response times, benchmarks for processes such as screen navigation, report generation, etc.
GT-10: Describe how your organization provides periodic system performance evaluations for installed applications. How frequently are these evaluations performed?
GT-11: Describe your data archival and retention approach, and corresponding technology components, tools and features.
GT-12: Describe your software development process, e.g. methodology, reviews, testing and quality assurance. What is the test process for major releases?
GT-13: Will Boulder County be expected to perform any software development work to support implementation? If yes, please describe.
GT-14: Is a 3rd-party reporting tool required or recommended? If yes, please identify the specific product and version.
GT-15: How does your company stay current with technology?
GT-16: What are your company's policies and processes that ensure the software meets and accommodates changes to Colorado regulatory and statutory requirements, e.g. Colorado Revised Statutes (CRS)?
GT-17: What are your company's policies and processes that ensure the software meets and accommodates changes to federal regulatory and statutory requirements, e.g. IRS?
GT-18: Will Boulder County be charged for required statutory changes? If yes, please elaborate.
GT-19: Who are your technical partners?
GT-20: Describe your process and timelines for compliance with new state and federal regulations and statutes.
GT-21: Provide a summary of Environmental Sustainability initiatives and / or actions your firm has taken in the last five years including a brief description of the purpose and result of each, e.g. product longevity, software and deployment optimization, power management, materials recycling, telecommuting, education, etc.
GT-22: Provide a summary of Environmental Sustainability initiatives and / or actions your firm has planned for the future with a brief description of the target time frames and purpose of each.
GT-23: Describe any ‘green computing’ certifications your firm has achieved related to the solution proposed for Boulder County, e.g.
GT-24: Describe any sustainability and / or ‘green computing’ awards your firm has received.
Table 8.2.2 - Boulder County Hosted Solution Information Request
HO 1: What are the vendor-recommended hardware server specifications?
HO 2: Is the application supported under VMware, version 4.x? If yes, how many customers are currently running VMware? Does the server need to be pinned?
HO 3: Can the application be installed and maintained using Remote Desktop Services?
HO 4: What are the vendor-recommended application server requirements, i.e., Operating System and other software? Versions?
HO 5: What database server software is recommended to implement your application, including freeware, printer drivers, etc.? Versions? If there are multiple database options, what is the vendor-recommended database platform and version for your solution? What percent of your current customer base operates on the recommended database?
HO 6: Does your proposed solution provide necessary licensing for third party software, including database software, or do you expect Boulder County to provide the licenses?
HO 7: Explain the delivered capabilities / tools for a system administrator to monitor and manage solution components.
HO 8: Are there any built-in activity logs generated by the application? If yes, does your application provide alerts to system administrators when logs are reaching size thresholds? Can your application control the percentage at which the system log full warnings are given?
HO 9: Do you provide developer release notes and updated user documentation / notes with each software release?
HO 10: What is your recommended method for vendor remote access to the system housed within the Boulder County network?
Table 8.2.3 - Services Oriented Architecture (SOA) Information Request
SOA 1: What are your web services standards (e.g. WSDL, XML, SOAP, UDDI)?
SOA 2: Describe the methods used to integrate your web services with other systems / applications, e.g., flat files, web services, etc.
SOA 3: List and describe all available web services with your product, which Boulder County systems or citizens can consume.
SOA 4: Describe web services API available with your product for integrating with the following applications / standards:
a. MS-Outlook email and calendar
b. MS-Internet Explorer
c. MS-Word, EXCEL, Access
d. Adobe document publishing / viewing products
e. SunGard IFAS (Financials)
f. Sage Timesheet Professional
g. JournyX (Timekeeping software)
h. Amicus (Case Management software)
i. PubWorks (Cost Accounting software)
j. Tiburon (Public Safety software)
k. Accela (Permit / Project time tracking software)
l. GoSignMeUp (Training Software)
m. e-Verify (Social Security Administration)
n. State Unemployment Office (State of Colorado)
o. CEDS (State of Colorado)
p. Internal Revenue Service (e.g. Form 941, EFTPS)
q. FileNet document management
r. ACH transmissions
s. Telephone service applications (e.g. for 911 purposes)
t. GIS applications (e.g. for Business Continuity / employee locations)
SOA 5: Describe any other web services / APIs available with your product.
Table 8.2.4 Software Release Process Information Request
SR 1: What is your frequency and process for new software upgrades / releases, e.g. planning, scheduling, notification, distribution / implementation? What latitude do your customers have regarding adoption of the upgrades or changes?
SR 2: Please provide a summary timeline of software releases and upgrades for the past 3 years, i.e. month, date, release or upgrade indicator and summary description of the change.
SR 3: How many software patches have you released for the software version proposed in the past 12 calendar months?
SR 4: What software upgrades are included in the maintenance costs?
SR 5: What is the estimated average time and cost to your customers associated with implementing a new software upgrade / release?
SR 6: Describe how software patches, upgrades and major releases are distributed to your customers for installation, e.g. auto-upgrade at log-in, Boulder County MSI build, etc.
SR 7: What is your expected software release schedule for the next two years – frequency / dates and content?
SR 8: What software upgrades are not included in the maintenance costs? What are the time and costs to Boulder County for implementing those upgrades?
Table 8.2.5. System Support, Warranty & Maintenance Information Request
MA 1: How many support centers do you have and where are they located?
MA 2: What is the average experience level and average length of service of your service and support staff?
MA 3: What technologies do you take advantage of to run your support organization?
MA 4: Describe the warranty that comes with the purchased system. When does the warranty begin and end?
MA 5: Detail the process for response to calls for service during the warranty period.
MA 6: What are the hours of support, expected response time for calls for service, and escalation process for unresolved problems during the warranty period?
MA 7: Will Boulder County have a specific vendor technical point of contact during the warranty period?
MA 8: Describe the maintenance contract that comes with the purchased system.
MA 9: Detail the process for response to calls for service under the maintenance contract.
MA 10: Do your support personnel typically interact with your customer’s information technology personnel or end-user personnel?
MA 11: Describe Boulder County and Vendor roles and responsibilities for ongoing support.
MA 12: Describe recommended staff size and skillsets for Boulder County to perform the on-going support roles and responsibilities.
MA 13: What is the expected product lifetime, i.e. before an application upgrade requires changes to the hardware, OS, database application, etc.?
MA 14: Boulder County expects that the proposed system will respond to all online queries within an average of three (3) seconds or less, 95% of the time. Hardware proposed should be adequate to reach that goal. Please state any assumptions and factors that will guarantee the system response times and the methodology for performance measurement used to guarantee the required performance.
MA 15: Describe on-going end user support offerings such as Users’ Groups, release training, etc.
MA 16: Describe the timing and delivery of system administration manuals and how you keep this documentation up-to-date.
MA 17: Describe the timing and delivery of database ERDs and data dictionaries and how you keep this documentation up-to-date.
MA 18: Describe the timing and delivery of diagrams and associated documentation describing the technical solution (including servers, network, client machine configuration and connectivity). How do you address changes to this documentation?
MA 19: Describe the timing and delivery of user reference manuals and/or online help and how you keep this documentation up-to-date.
Table 8.2.6. Application Security Management Information Request
SEC 1: Does your application require DBA or SA rights be granted?
SEC 2: Does your application require authentication for access to data?
SEC 3: Can administrative login(s) to the application have strong passwords?
SEC 4: Does the application provide “anonymous” access?
SEC 5: Can the application force a password change at the first login?
SEC 6: Does the application allow for multiple logons for the same user at the same time?
SEC 7: Does the application maintain and control password history?
SEC 8: List the built-in user IDs and their privileges.
SEC 9: Is sensitive application data encrypted at rest? In transit?
SEC 10: Are user credentials encrypted at rest? In transit?
SEC 11: What encryption methods are used?
SEC 12: Are encryption keys securely stored?
SEC 13: Are the cryptographic modules FIPS-140 compliant using the National Institute of Standards and Technology’s FIPS 140-1 and FIPS 140-2 Vendor List at http://csrc.nist.gov/cryptval/?
SEC 14: Is the connection to the database encrypted?
SEC 15: Are database users such as report creators or report users provisioned appropriately, e.g. multiple users used for different roles, strong passwords for all users?
SEC 16: Does the application log contain credentials (passwords, etc.)?
SEC 17: Does the application provide centralized logging support, such as logging to syslog, included in the application?
SEC 18: Can the application warn an administrator when the audit records are near full?
SEC 19: What system privileges are necessary for the agent or application to run? Detail whether the application runs only with those privileges needed to operate.
SEC 20: Does your agent or application include any configuration files in clear text used for authentication, e.g. clear text passwords?
SEC 21: Can the application display message(s) upon user logon? e.g. Use of the application constitutes the user’s consent to monitoring; Use of the application is limited to Boulder County business only; Unauthorized use is subject to criminal prosecution.
SEC 22: Describe how the application would address each of the following security-related events. Please note whether the application logs detail such as user and process IDs causing the event and timestamps.
a. Success or failure of attempt to access security file
b. Success or failure of event
c. Seriousness of event violation
d. Success or failure of login attempts
e. Denial of access resulting from excessive number of failed login attempts
f. Blocking or blacklisting of a User ID, terminal, or access port and reason for the action
g. Activities that might modify, bypass or negate security safeguards controlled by the application
SEC 23: Does the application have the ability to log changes to user privileges and to log access to sensitive data in an individually identifiable way?
SEC 24: If the solution is web-based, describe your Web Application firewall configuration and features.
Section 9: Implementation Strategy
The following pages detail our requests for information related to your implementation strategy that are important to our evaluation of
your proposed solution.
Table 9.1 Implementation Strategy Information Request
IS 1: How long is a typical solution implementation for the components you propose? Please identify major variables to the duration.
IS 2: Describe implementation approaches you’ve successfully executed with large customers that have multiple organizations, multiple legacy processes and applications.
IS 3: Describe your proposed project management structure and organization for the implementation effort.
IS 4: Describe your method and approach related to project communications, e.g. content, frequency, media, audience.
IS 5: Describe your experience level with project management, e.g. project size, customer industries, scope.
IS 6: How do you scope, assign resources, build the Work Breakdown Structure (WBS), estimate project duration and measure progress?
IS 7: Do your proposed project managers have PMI Project Management Professional (PMP) certifications?
IS 8: Describe methods for controlling, monitoring and managing:
a. Change management
b. Issues escalation
c. Risks
d. Quality control
e. Schedule
f. Resource availability
g. Integration
IS 9: Describe what roles, responsibilities and team structure will be provided by the Vendor.
IS 10: Are all of the resources proposed in the vendor’s solution currently on staff and available for this implementation?
IS 11: What is your estimate of the number of Boulder County resources needed to support implementation, by general skill set?
IS 12: Describe how existing history data is extracted and imported to your system at conversion, including use of any 3rd party or proprietary ETL tools.
IS 13: Describe your method for managing user acceptance of the final solution. For example, Acceptance Test Plan and/or Acceptance Test Procedure.
IS 14: Describe your process for managing issues identified during implementation, e.g. components failing to meet specifications documented in the RFP or contract.
IS 15: Describe the steps and timing of transition from user acceptance to warranty period.
IS 16: Provide a listing of documentation delivered with your proposed solution, i.e. title, audience, format.