Purchase & Deployment of Security & Risk Management Technologies

North Carolina benefits from an enterprise approach to the purchase and deployment of security technologies as the state technology infrastructure is upgraded to support information technology consolidation.

The development and oversight of statewide contracts for security and risk management technologies – such as anti-virus, anti-spyware, encryption, business continuity planning and vulnerability management tools – enable standardization and enforcement of security policies. Aggregated security purchases allow the state to achieve the best value through economies of scale.

Currently across the nation, laptops are lost or stolen that might expose personally identifiable information and/or other confidential data. Data is also leaking from organizational control from the many endpoint devices used by employees. As custodians of government data, agencies are obligated to protect citizens’ information. To help state and local government agencies meet the need for mobile data encryption and protection from computer viruses and other malware, the state chief information officer established statewide contracts for mobile data encryption and anti-virus products and related services.

As the enterprise contracts for anti-virus and encryption tools have reached their respective termination dates, the replacement contract, State Term Contract 208M Endpoint Security Software Solution, requires an integrated approach focused on an endpoint security product suite. The suite approach concentrates on essential client (endpoint) security controls, such as malware defense (anti-virus, anti-spyware), client firewall management and data-at-rest protection (encryption). It supports the efficiencies of centralized management while lowering the lower total cost of ownership.

The Endpoint Security contract allows agencies to benefit from discounted state contract pricing while providing agencies with the flexibility to select the endpoint product suite on contract that best fits their IT environment.

Under this contract, vendors are responsible for providing all purchased suite products and client support, as well as optional consulting services. The listed vendors also offer mobile data encryption protection for removable media, file and folders and/or hand-held computing devices either as a part of their offered full disk encryption (FDE) product or as an optional purchase item.

It is mandatory that North Carolina executive branch agencies use this contract when purchasing endpoint security products including anti-virus and full-disk encryption products. Each executive branch agency must choose a single endpoint security product suite for use throughout the agency.

As executive branch agencies participate in consolidation efforts, they should coordinate selection and use of endpoint security product suite with NC DIT Operations. North Carolina community colleges, state universities, K-12 schools and local governments also have the option to purchase from this statewide contract. An endpoint security suite with anti-malware and full disk encryption is provided by NC DIT Desktop Services.

The State Term Contract 918A Security Assessment Services helps agencies fulfill requirements for independent security assessments to meet legal and regulatory compliance requirements.

Many of the products identified and used under enterprise contracts have become integrated into the state’s information technology infrastructure.