Purchase & Deployment of Security & Risk Management Technologies

North Carolina benefits from an enterprise approach to the purchase and deployment of security technologies as the state technology infrastructure is upgraded to support information technology consolidation.

The development and oversight of statewide contracts for security and risk management technologies – such as anti-virus, anti-spyware, encryption, business continuity planning and vulnerability management tools – enable standardization and enforcement of security policies. Aggregated security purchases allow the state to achieve the best value through economies of scale. Many of the products identified and used under enterprise contracts have become integrated into the state’s information technology infrastructure.

State Term Contract 918A Security Assessment Services

The State Term Contract 918A Security Assessment Services helps agencies fulfill requirements for independent security assessments to meet legal and regulatory compliance requirements. This contract is for Security Assessments Services that involve the evaluation of a wide range of technical, operational and managerial processes and mechanisms used to protect networks, information, and critical State Data. Such services may include, but are not limited to, the following: risk assessments, remediation suggestions, policy development services, security consultation services, incident response services, and training services.

This contract is a MANDATORY Statewide TERM Contract for the use of Executive Branch State Governmental Agencies and is a Convenience Contract, not mandatory, for the use of non-State Agencies permitted by law. Non-State Agencies presently include the North Carolina University System and its member campuses, Instructional components of the Department of Public Instruction, Instructional components of the Department of Community Colleges, as well as Local (Municipal and County) Governments.

State Term Contract 208M Endpoint Security Software Solution

Currently across the nation, laptops are lost or stolen that might expose personally identifiable information (PII) and/or other confidential data. Data is also leaking from organizational control from the many endpoint devices used by employees. As custodians of government data, agencies are obligated to protect citizens’ information. To help state and local government agencies meet the need for mobile data encryption and protection from computer viruses and other malware, the state chief information officer established statewide contracts for mobile data encryption and anti-virus products and related services.

As the enterprise contracts for anti-virus and encryption tools have reached their respective termination dates, the replacement contract, State Term Contract 208M Endpoint Security Software Solution, requires an integrated approach focused on an endpoint security product suite. The suite approach concentrates on essential client (endpoint) security controls, such as malware defense (anti-virus, anti-spyware), client firewall management and data-at-rest protection (encryption). It supports the efficiencies of centralized management while lowering the lower total cost of ownership.

The Endpoint Security contract allows agencies to benefit from discounted state contract pricing while providing agencies with the flexibility to select the endpoint product suite on contract that best fits their IT environment.

Under this contract, vendors are responsible for providing all purchased suite products and client support, as well as optional consulting services. The listed vendors also offer mobile data encryption protection for removable media, file and folders and/or hand-held computing devices either as a part of their offered full disk encryption (FDE) product or as an optional purchase item.

It is mandatory that North Carolina executive branch agencies use this contract when purchasing endpoint security products including anti-virus and full-disk encryption products. Each executive branch agency must choose a single endpoint security product suite for use throughout the agency.

As executive branch agencies participate in consolidation efforts, they should coordinate selection and use of endpoint security product suite with NC DIT Operations. North Carolina community colleges, state universities, K-12 schools and local governments also have the option to purchase from this statewide contract. An endpoint security suite with anti-malware and full disk encryption is provided by NC DIT Desktop Services.