RFP - Cybersecurity Services Attachment: Advertisement RFP  - Cybersecurity Pilot.pdf 
Louisiana > St. Charles Parish Public Schools
RFP: 31940747
Listing Information/Advertisement
St. Charles Parish Public Schools is seeking proposals from qualified vendors to provide cybersecurity services and solutions in the following areas:

• Patch Management
• Security Information and Event Management (SIEM)
• Network Access Control (NAC)
• 24/7 Security Operations Center (SOC)

BID SUBMITTAL INFORMATION
Creator Username: StCharlesITS
Bidding Privacy: Bid encryption
Started: 17-Jul-2025 12:00:00 AM CDT
Ends: 13-Aug-2025 10:00:00 AM CDT ( Expired )
History: 1381 Views, 22 Messages
Event Status: Expired since 13-Aug-2025 10:00:00 AM CDT
PUBLIC MESSAGE BOARD
Discuss questions with the owner/creator of this Listing.
ClutchSolutions on 17-Jul-2025 1:25:36 PM CDT
Is your bandwidth centralized or distributed across locations? What does your internet egress architecture look like? What level of sustained bandwidth do you currently maintain?
chambersde on 22-Jul-2025 3:24:44 PM CDT
How many endpoint and server devices need to be managed under the Security Operations Center? What vulnerability scanning solution do you currently use?
StCharlesITS on 22-Jul-2025 3:56:19 PM CDT
One 6GB internet circuit is utilized for all sites. Traffic from our internal network egresses through a pair of high-availability firewalls, which perform NAT to a public IP provided by our ISP and terminate on a 6GB internet circuit.
ldorris27 on 22-Jul-2025 3:58:20 PM CDT
How many servers do you have? Are you running O365 or Gsuite? If so how many employee and student users do you have? What is the bandwidth and connectivity at your main site where your data center is located?
StCharlesITS on 23-Jul-2025 8:17:01 AM CDT
Q: How many endpoint and server devices need to be managed under the Security Operations Center? What vulnerability scanning solution do you currently use?
A: Roughly 2600 endpoints and 45 servers. Currently Crowdstrike is our EDR solution.

iwujic14 on 23-Jul-2025 9:27:47 AM CDT
Since CrowdStrike is currently deployed as your EDR solution, would you prefer a SOC service that is delivered directly through CrowdStrike (e.g., Falcon Complete or a CrowdStrike-aligned MSSP), or are you open to other SOC providers that integrate with CrowdStrike for visibility and response?
Globalsolgroup on 24-Jul-2025 3:49:16 AM CDT
GSG's Questions

1. Could you please share a detailed breakdown of asset categories across all sites? (e.g., Chromebooks, Windows laptops, servers, IoT devices)
2. What is the approximate number of endpoints to be covered under patch management, SIEM, NAC, and SOC?
3. Are Chromebooks enrolled in any centralized MDM or endpoint management platform?
4. Are all schools and centers part of the same network domain or segmented across zones?
5. Could you confirm whether an existing EDR platform is deployed across staff and student endpoints, or should the proposed solution include one to enable telemetry for SIEM and SOC functionality?
6. Can you confirm the endpoint OS distribution across staff and faculty? (Windows, macOS, Chrome OS, Linux)
7. What existing cybersecurity tools (e.g., EDR, antivirus, vulnerability scanners) are currently in use?
8. Which Microsoft license tier is used across staff and faculty—M365 G3, G5, G5 Security add-on, or equivalent Education SKUs such as A3/A5?
9. Is Google Workspace used exclusively for students or does it extend to staff functions as well?
10. Are you seeking full implementation with licensing included for Patch Management, SIEM, NAC, and SOC, or do any components already exist?
11. Is there a preference for cloud-based, on-premise, or hybrid deployment models across the four solution areas?
12. What level of integration is expected with existing identity platforms (Azure AD, Google Workspace, local AD)?
13. Is the expectation for the vendor to deliver both active monitoring and incident response within the SOC scope?
14. Can you provide more detail on the escalation protocols and district-defined incident response procedures referenced in the RFP?
15. Will the selected vendor be required to generate and deliver executive-level reports beyond the standard alert summaries?
16. Is 24x7x365 coverage mandated for all solution components, or only for SOC services?
17. Is real-time response (triage and resolution) expected for SIEM alerts or limited to ticket generation/escalation?
18. What is the expected SLA for critical vs. medium/low priority incidents?
19. Can you confirm the expectations around post-implementation training? (Frequency, audience, format—virtual or on-site)
20. Are regular policy reviews expected to be vendor-led, and at what cadence (e.g., quarterly, semi-annually)?
21. Will SCPPS require long-term operational support post-deployment such as rule tuning, policy updates, and vulnerability assessments?
22. Is SCPPS open to phasing the implementation (e.g., SOC services in Year 1, NAC in Year 2)?
23. Is there flexibility in bundling optional services or enhanced analytics as part of the proposal?
24. Should recurring costs include optional service extensions beyond the 3-year base term?
25. Can you confirm whether SCPPS currently has an existing SIEM platform deployed? If so, could you share its architecture (cloud/on-prem/hybrid), log sources integrated, and any preferences or constraints around retaining or replacing it as part of this pilot program?
26. Additionally, are there any preferred or approved cybersecurity platforms or vendors (e.g., Microsoft Sentinel, Palo Alto XSIAM, Splunk, etc.) already in scope for compatibility, procurement, or standards alignment?

iwujic14 on 24-Jul-2025 4:36:05 PM CDT
• Patch Management
• Security Information and Event Management (SIEM)
• Network Access Control (NAC)
• 24/7 Security Operations Center (SOC)

Can you submit a bid for an individual security control (e.g., only Patch Management), or should it be all in one bid?
ccrossman on 30-Jul-2025 3:54:34 PM CDT
Of the 2600 endpoints mentioned in one of the answers below, are any of those Chromebooks?
RedHat on 01-Aug-2025 1:00:09 PM CDT
1. What is included in your total endpoint count? (45 servers, but what are the other 2500+ endpoints?)
2. What is the breakdown of equipment involved in this project?
3. What Student Information System (SIS) are you using and is it protected separately from your other systems?
4. What is your current Operating System (OS) distribution? (Linux, Windows, Oracle, etc.)
5. What is the current level of IT automation for provisioning, configuration, and security tasks? Are you using any automation tools today?
klwilson on 01-Aug-2025 3:28:00 PM CDT
C Spire Business Questions:

MDR Questions for SOC SIEM Solution:
Can you please provide us with a breakdown of your total number of users; how many students vs. how many are faculty/staff?

NAC Solution Questions:
How many total expected concurrent authenticated sessions for managed and unmanaged devices for both wired and wireless?
-Of the total devices...
-About how many domain-joined devices do you have that will be utilizing 802.1x
-How many devices are expected to be utilizing ISE posturing?
-For client-based posturing using Cisco Secure Client - do you currently have Secure Client Premier/Apex licensing?
-About how many devices are non-managed connecting requiring Profiling? (This would typically be wired devices that are not domain joined)
-If MDM validation is expected - about how many devices are managed via MDM
-About how many concurrent guest endpoints are expected
What type of OS are end user clients running (Win10, Win11, MAC-OSX, Linux (which distros) etc.)
What type of licensing term are you wanting to see (1yr, 3yr, 5yr, etc)
ISE can be deployed in cloud DCs like Azure and also on-prem with physical or virtual appliances. Which method would you prefer? Can be mixed/matched?
For on-prem, if using VMs, what hyper visor do you use currently (Nutanix, ESXi, etc.)
For on-prem, how many data centers would you want ISE appliances deployed (ISE runs an active/active cluster configuration)
If multiple data centers - what is the latency between each DC?
Do you currently have an Active Directory PKI environment which can be used to create certificate templates and pushed via GPO to clients/users?
willdaniels on 01-Aug-2025 3:38:51 PM CDT
Desktop management

How many total endpoints (servers/workstations) by OS and version (Windows 10 or 11, macOS, Linux)? Are all OS supported by the vendor?
• Do you expect coverage for devices off-network?
• Which first/third-party catalogs must be in scope (Microsoft, Adobe, Oracle, Java, Chrome, Zoom, etc.)? Any line-of-business apps needing custom packages?
• How are you planning on using the vulnerability feeds with Crowdstrike and Symantec?
• How are you planning on using RBAC roles?
• What is the required Audit log retention period?
• Preferred deployment model (cloud, on-prem, hybrid)?
• What speed circuit do you have for internet access and where is it located?
• Do you have a network diagram that you can share?
• Can you provide a site list with current internet/WAN bandwidth and user counts so we can size NGFW and SOC connections appropriately?
• What is the make/model of the current firewall?
• Are you using MFA? If so, what?
• Are you looking for a vendor that can provide everything or can a vendor submit the RFP with a subset of the services requested?



NAC

• How many total devices connect to the network? (ie. Windows, macOS, iOS/iPadOS, Android, Chromebooks/laptops, printers, VoIP, cameras, IoT). Any seasonal peaks?
• Is there an existing NAC (e.g., 802.1X on WLAN or wired, or another platform) we are replacing? If so, what’s in place and what pain points should the new solution address?
• Which identity providers will be authoritative for staff/students/guests: on-prem AD, Azure AD/Entra ID, Google Workspace (for students), LDAP? Any multi-forest trusts?
• Does the district issue and manage certs for all endpoints (incl. Chromebooks via Google Admin, iOS/iPadOS via MDM, macOS via Jamf/Intune, Windows via GPO/Intune)?
• Are there any guest/BYOD requirements?
• Can you list wired switch and wireless vendors/models/versions at each site? (Cisco Catalyst, Meraki, Aruba, etc.).
• On wireless, what controllers/cloud platforms are in use (Catalyst 9800, Meraki, Aruba)? Any planned refreshes during the project window?
• Do you require TACACS+ for network device admin AAA as part of NAC scope?
• What is the preferred enforcement mechanism for segmentation?
• Do you require separate SSIDs/VLANs for guest/BYOD or dynamic assignment on a common SSID?
• For posture, which platforms must be evaluated (Windows/macOS)? What checks (AV status, OS version/patch level, disk encryption, firewall) should drive quarantine/remediation?
• Do you currently have a virtual environment? If so, what type? What hypervisor?
• What hypervisor/resources are available? Any constraints for DMZ nodes?
• What are the HA/DR expectations for the NAC solution?

SIEM
Can you confirm in-scope log sources? (firewalls, switches/routers, AV/EDR, domain controllers, servers, laptops/desktops, cloud: Azure/Entra, AWS, Google)
• How do you plan on using the captured logs?
• What is the log retention policy?
• Explain the role-based access expectations?
• What is the hosting preference (cloud, hybrid, on-prem) and any data residency requirements?
• Will you consider a managed SIEM service (MSSP/MDR) vs. self-managed?

SOC
Which telemetry sources must the SOC monitor (network, endpoints, servers, cloud)? Any additional SaaS apps?
• Should the SOC open/update/close tickets in your system or its own portal? What bi-directional updates and comment visibility are required?
• Should the SOC provide hands-on containment/response or guidance-only with district execution? Any expectation of forensics support and threat hunting cadence?
StCharlesITS on 04-Aug-2025 11:54:23 AM CDT
Q: Since CrowdStrike is currently deployed as your EDR solution, would you prefer a SOC service that is delivered directly through CrowdStrike (e.g., Falcon Complete or a CrowdStrike-aligned MSSP), or are you open to other SOC providers that integrate with CrowdStrike for visibility and response?
A: We are open to providers that integrate with Crowdstrike
StCharlesITS on 04-Aug-2025 4:42:21 PM CDT
Q: Can you submit a bid for an individual security control (e.g., only Patch Management), or should it be all in one bid?
A: Vendors are invited to submit proposals for any or all of the above-listed solution areas.
StCharlesITS on 04-Aug-2025 4:43:23 PM CDT
Q: Of the 2600 endpoints mentioned in one of the answers below, are any of those Chromebooks?
A: No
StCharlesITS on 04-Aug-2025 4:43:55 PM CDT
Q: How many servers do you have? Are you running O365 or Gsuite? If so how many employee and student users do you have? What is the bandwidth and connectivity at your main site where your data center is located?
A: 45 Servers. Gsuite. 1,800 employees and more than 9,100 students. 6GB bandwidth
StCharlesITS on 04-Aug-2025 5:44:43 PM CDT
Q: How many total endpoints (servers/workstations) by OS and version (Windows 10 or 11, macOS, Linux)? Are all OS supported by the vendor?
A: We are actively upgrading our Windows 10 devices to Windows 11 so the quantities are changing during this process. We do not have Linux devices
Q: Do you expect coverage for devices off-network?
A: Yes
Q: Which first/third-party catalogs must be in scope (Microsoft, Adobe, Oracle, Java, Chrome, Zoom, etc.)? Any line-of-business apps needing custom packages?
A: All listed
Q: How are you planning on using the vulnerability feeds with Crowdstrike and Symantec?
A: Keeping up to date with CVEs
Q: How are you planning on using RBAC roles?
A: Rights based on IT staff role (ex. Administrator with full control, helpdesk staff with limited control)
Q: What is the required Audit log retention period?
A: Minimum 30 days
Q: Preferred deployment model (cloud, on-prem, hybrid)?
A: Cloud, however we are open to other options
Q: What speed circuit do you have for internet access and where is it located?
A: 6GB data center
Q: Do you have a network diagram that you can share?
A: No
Q: Can you provide a site list with current internet/WAN bandwidth and user counts so we can size NGFW and SOC connections appropriately?
A: 6GB internet connection, WAN links vary between 250MB to 2GB for the 15 schools, 5 centers, and 7 sites with 1,800 employees and more than 9,100 students
Q: What is the make/model of the current firewall?
A: Checkpoint
Q: Are you using MFA? If so, what?
A: Yes, DUO
Q: Are you looking for a vendor that can provide everything or can a vendor submit the RFP with a subset of the services requested?
A: Vendors are invited to submit proposals for any or all of the above-listed solution areas.
StCharlesITS on 04-Aug-2025 5:53:25 PM CDT
NAC

Q: How many total devices connect to the network? (ie. Windows, macOS, iOS/iPadOS, Android, Chromebooks/laptops, printers, VoIP, cameras, IoT). Any seasonal peaks?
A: Roughly 20,000, not concurrently. Aug - May are peaks.
Q: Is there an existing NAC (e.g., 802.1X on WLAN or wired, or another platform) we are replacing? If so, what’s in place and what pain points should the new solution address?
A: 802.1x wireless Windows NPS
Q: Which identity providers will be authoritative for staff/students/guests: on-prem AD, Azure AD/Entra ID, Google Workspace (for students), LDAP? Any multi-forest trusts?
A: Hybrid AD & Azure, Google Workspace
Q: Does the district issue and manage certs for all endpoints (incl. Chromebooks via Google Admin, iOS/iPadOS via MDM, macOS via Jamf/Intune, Windows via GPO/Intune)?
A: Yes
Q: Are there any guest/BYOD requirements?
A: Must be segmented from internal network
Q: Can you list wired switch and wireless vendors/models/versions at each site? (Cisco Catalyst, Meraki, Aruba, etc.).
A: Meraki and Cisco across all sites
Q: On wireless, what controllers/cloud platforms are in use (Catalyst 9800, Meraki, Aruba)? Any planned refreshes during the project window?
A: Meraki
Q: Do you require TACACS+ for network device admin AAA as part of NAC scope?
A: No
Q: What is the preferred enforcement mechanism for segmentation?
A: Open to vendor recommendations
Q: Do you require separate SSIDs/VLANs for guest/BYOD or dynamic assignment on a common SSID?
A: Separate SSID for guest/BYOD
Q: For posture, which platforms must be evaluated (Windows/macOS)? What checks (AV status, OS version/patch level, disk encryption, firewall) should drive quarantine/remediation?
A: OS version, presence of AV
Q: Do you currently have a virtual environment? If so, what type? What hypervisor?
A: ESXi
Q: What hypervisor/resources are available? Any constraints for DMZ nodes?
A: No
Q: What are the HA/DR expectations for the NAC solution?
A: caching, fallback policy, if redundant proposed please specify
StCharlesITS on 04-Aug-2025 5:57:10 PM CDT
SIEM

Q: Can you confirm in-scope log sources? (firewalls, switches/routers, AV/EDR, domain controllers, servers, laptops/desktops, cloud: Azure/Entra, AWS, Google)
A: Checkpoint, Cisco Meraki, Crowdstrike, Windows, MacOS
Q: How do you plan on using the captured logs?
A: Incident response, forensics
Q: What is the log retention policy?
A: Minimum 30 days
Q: Explain the role-based access expectations?
A: Rights based on IT staff role (ex. Administrator with full control, helpdesk staff with limited control)
Q: What is the hosting preference (cloud, hybrid, on-prem) and any data residency requirements?
A: Open to different deployment options
Q: Will you consider a managed SIEM service (MSSP/MDR) vs. self-managed?
A: Yes

SOC

Q: Which telemetry sources must the SOC monitor (network, endpoints, servers, cloud)? Any additional SaaS apps?
A: Firewall, endpoints, servers
Q: Should the SOC open/update/close tickets in your system or its own portal? What bi-directional updates and comment visibility are required?
A: Own portal
Q: Should the SOC provide hands-on containment/response or guidance-only with district execution? Any expectation of forensics support and threat hunting cadence?
A: containment, response, and forensics in coordination with SCPPS staff
StCharlesITS on 05-Aug-2025 11:12:11 AM CDT
MDR Questions for SOC SIEM Solution

Q: Can you please provide us with a breakdown of your total number of users; how many students vs. how many are faculty/staff?
A: 1,800 employees and more than 9,100 students.

NAC Solution Questions

Q: How many total expected concurrent authenticated sessions for managed and unmanaged devices for both wired and wireless?
A: Roughly 10,000
Q: How many devices are expected to be utilizing ISE posturing?
A: Roughly 2,600 domain joined and roughly 9,000 chromebooks
Q: For client-based posturing using Cisco Secure Client - do you currently have Secure Client Premier/Apex licensing?
A: No
Q: About how many devices are non-managed connecting requiring Profiling? (This would typically be wired devices that are not domain joined)
A: No official count
Q: If MDM validation is expected - about how many devices are managed via MDM
A: roughly 3,000
Q: About how many concurrent guest endpoints are expected
A: No official count
Q: What type of OS are end user clients running (Win10, Win11, MAC-OSX, Linux (which distros) etc.)
A: Win10, Win 11, MacOs, ChromeOs
Q: What type of licensing term are you wanting to see (1yr, 3yr, 5yr, etc)
A: 1yr, 3yr
Q: ISE can be deployed in cloud DCs like Azure and also on-prem with physical or virtual appliances. Which method would you prefer? Can be mixed/matched?
A: Open to different deployment options
Q: For on-prem, if using VMs, what hyper visor do you use currently (Nutanix, ESXi, etc.)
A: ESXi
Q: For on-prem, how many data centers would you want ISE appliances deployed (ISE runs an active/active cluster configuration)
A: One data center
Q: Do you currently have an Active Directory PKI environment which can be used to create certificate templates and pushed via GPO to clients/users?
A: Yes
StCharlesITS on 05-Aug-2025 11:13:51 AM CDT
Q: What is included in your total endpoint count? (45 servers, but what are the other 2500+ endpoints?)
A: Windows PCs, MacOS
Q: What Student Information System (SIS) are you using and is it protected separately from your other systems?
A: Our SIS is a cloud based solution
Q: What is your current Operating System (OS) distribution? (Linux, Windows, Oracle, etc.)
A: Windows
Q: What is the current level of IT automation for provisioning, configuration, and security tasks? Are you using any automation tools today?
A: Yes, we are using automation tools
StCharlesITS on 05-Aug-2025 1:04:21 PM CDT
Q: Could you please share a detailed breakdown of asset categories across all sites? (e.g., Chromebooks, Windows laptops, servers, IoT devices)
A: roughly 2,600 domain joined and roughly 9,000 chromebooks, 45 servers, no official count IoT
Q: What is the approximate number of endpoints to be covered under patch management, SIEM, NAC, and SOC?
A: 13,000+
Q: Are Chromebooks enrolled in any centralized MDM or endpoint management platform?
A: GSuite
Q: Are all schools and centers part of the same network domain or segmented across zones?
A: Segmented by vlans
Q: Could you confirm whether an existing EDR platform is deployed across staff and student endpoints, or should the proposed solution include one to enable telemetry for SIEM and SOC functionality?
A: Currently utilizing Crowdstrike
Q: Can you confirm the endpoint OS distribution across staff and faculty? (Windows, macOS, Chrome OS, Linux)
A: Windows, macOS, Chrome OS
Q: What existing cybersecurity tools (e.g., EDR, antivirus, vulnerability scanners) are currently in use?
A: Crowdstrike
Q: Which Microsoft license tier is used across staff and faculty—M365 G3, G5, G5 Security add-on, or equivalent Education SKUs such as A3/A5?
A: Intune Plan 1 for Education, Office 365 A1
Q: Is Google Workspace used exclusively for students or does it extend to staff functions as well?
A: Both
Q: Are you seeking full implementation with licensing included for Patch Management, SIEM, NAC, and SOC, or do any components already exist?
A: Full implementation with licensing
Q: Is there a preference for cloud-based, on-premise, or hybrid deployment models across the four solution areas?
A: Open to different deployment options
Q: What level of integration is expected with existing identity platforms (Azure AD, Google Workspace, local AD)?
A: Visibility, compatibility
Q: Is the expectation for the vendor to deliver both active monitoring and incident response within the SOC scope?
A: Yes
Q: Can you provide more detail on the escalation protocols and district-defined incident response procedures referenced in the RFP?
A: Vendor should define escalation paths available (ex. Tier 1, Tier 2, etc.)
Q: Will the selected vendor be required to generate and deliver executive-level reports beyond the standard alert summaries?
A: Executive reports on security posture
Q: Is 24x7x365 coverage mandated for all solution components, or only for SOC services?
A: Open to a managed SIEM
Q: Is real-time response (triage and resolution) expected for SIEM alerts or limited to ticket generation/escalation?
A: Should be handled in coordination with SCPPS staff
Q: What is the expected SLA for critical vs. medium/low priority incidents?
A: Critical 30mins - 1 hour, Medium up to 2 hours, Low up to 4 hours
Q: Can you confirm the expectations around post-implementation training? (Frequency, audience, format—virtual or on-site)
A: One training session and can be either on-site or virtual for the IT staff
Q: Are regular policy reviews expected to be vendor-led, and at what cadence (e.g., quarterly, semi-annually)?
A: Yes annually, semi-annually
Q: Will SCPPS require long-term operational support post-deployment such as rule tuning, policy updates, and vulnerability assessments?
A: Yes
Q: Is SCPPS open to phasing the implementation (e.g., SOC services in Year 1, NAC in Year 2)?
A: We would like to have all components functioning within a reasonable amount of time
Q: Is there flexibility in bundling optional services or enhanced analytics as part of the proposal?
A: Please add optional services to cost sheet
Q: Should recurring costs include optional service extensions beyond the 3-year base term?
A: This is dependent on E-Rate rules for the pilot
Q: Can you confirm whether SCPPS currently has an existing SIEM platform deployed? If so, could you share its architecture (cloud/on-prem/hybrid), log sources integrated, and any preferences or constraints around retaining or replacing it as part of this pilot program?
A: No
Q: Additionally, are there any preferred or approved cybersecurity platforms or vendors (e.g., Microsoft Sentinel, Palo Alto XSIAM, Splunk, etc.) already in scope for compatibility, procurement, or standards alignment?
A: Checkpoint, Crowdstrike