Scope of Work
This document outlines the requirements and specifications for the design, supply, installation and implementation of the
Managed Security Information and Event Management System (MSIEM), Privileged Access Management (PAM) solutions, and
managed security services required by Client in both primary and secondary Data Centers.
Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work
CONTENTS OF RFP
1 RFP OBJECTIVES
1.1 OVERVIEW
1.2 STATEMENT OF CONFIDENTIALITY
1.3 SERVICE PROVIDERS RESPONSE
1.4 QUESTIONS AND CLARIFICATIONS
1.5 PROJECT TIME FRAME
2 GENERAL SPECIFICATIONS
2.1 ABOUT THE CLIENT
2.2 CURRENT ENVIRONMENT
2.3 SCOPE OF WORK
2.4 NON-TECHNICAL SPECIFICATIONS
3 CONDITIONS AND TECHNICAL REQUIREMENTS
3.1 CONDITIONS
3.2 SIZING FOR (SIEM) AND (PAM) SOLUTIONS
3.3 TECHNICAL REQUIREMENTS FOR (SIEM) AND (PAM)
3.3.1 SIEM Technical Requirements
3.3.2 PAM Technical Requirements
3.3.3 Engineering Requirements
3.3.4 Monitoring Requirements
3.3.5 Incident Response and Forensics
3.3.6 The secondary Threat Intelligence Feed requirements
3.3.7 Proactive Services
4 WARRANTY, SUPPORT, AND LICENSES REQUIREMENTS
5 TRAINING, DOCUMENTATION REQUIREMENTS AND KNOWLEDGE
6 EVALUATION CRITERIA
1 RFP objectives
1.1 Overview
Client is looking to further strengthen its Information Security Systems by engaging a Managed Security Services Partner to:
1. Renew the licenses, warranty and support of the existing SIEM (IBM QRadar), or provide a replacement solution that is
compliant with the terms and conditions in this document and UAE IA Standards.
2. Improve Client’s cyber security resilience through 24 x 7 security monitoring of the business critical applications
and all devices involved in transactions.
3. Purchase, install, and configure a Privileged Access Management (PAM) solution compliant with the
terms and conditions in this document and UAE IA Standards.
4. Provide licenses, warranty and support for all components, software and services detailed in this contract for three
years and six months.
1.2 Statement of Confidentiality
This RFP and all materials submitted by CLIENT must be considered confidential. CLIENT requests that this RFP must not be
forwarded to any third party for evaluation or for any other purpose without the express written consent of CLIENT. When
submitting confidential material to CLIENT, the bidder must clearly mark it as such.
1.3 Service Provider's Response
The service provider's response should contain technical information and pricing details of their products & services, which
will meet or exceed Client’s requirements & specifications as described in this document.
The proposal should also contain the service provider’s corporate profile & scope of capability information.
In order to expedite the evaluation process and fairly evaluate all proposals, it is mandatory that the general Terms &
Conditions be accepted.
Failure to agree or comply to any of the terms and conditions or not following the required mandatory outline or not providing
required information as softcopy or will result in a bidder's proposal being disqualified from the evaluation.
1.4 Questions and Clarifications
The service provider can request a meeting with Client's technical team to ask for clarification about the RFP, subject to the
following conditions:
1. All meetings will be held at Client; arranging any meeting outside of Client is not allowed.
2. Client can approve or deny the meeting request.
1.5 Project Time Frame
Client intends to offer a contract for three years and six months, to provide the solution as per the requirements mentioned in this
document. Client reserves the right to terminate the contract upon nonperformance or noncompliance with the agreement
commitments.
2 General Specifications
2.1 About the Client
The Client is responsible for proposing the economic and commercial policy of the Abu Dhabi Emirate and preparing the plans
and programs required for implementing such policy. It is also responsible for conducting the necessary studies to encourage
and promote the private sector. The Client provides commercial licensing and trade name registration. It also participates in
economic and trading seminars and conferences locally and internationally.
To achieve such objectives, the Department takes charge of the following major activities:
1. Lay out mechanisms for activating economic sectors.
2. Lay out programs and plans to encourage investments.
3. Study negative trade phenomena, give proposals to limit their negative impact on the growth of the commercial
sector, and familiarize consumers and merchants with the damages of commercial deceit.
4. Lay out marketing plans to attract foreign investments in the economic activities that are required to be developed.
2.2 Current Environment
1. Client is currently using QRadar as the SIEM solution.
2. No system is currently in place for Privileged Access Management (PAM).
2.3 Scope of Work
The security service provider must provide the following services while retaining all the logs on Client premises:
1. The vendor must conduct a site survey to collect all the information about the existing infrastructure, SIEM solution
and about the new requirements.
2. The proposed solutions must be prepared based on the collected information to accomplish the successful deployment
of the project, as per Client’s requirements.
3. The provisioning of the accompanying licenses, warranties and support from the manufacturers and the local vendor
for (PAM) solution as per the requirements and conditions of this document.
4. Licenses and support renewal of existing SIEM solution.
5. In case of proposing an alternative SIEM solution, it must provision the accompanying licenses, warranties and
support from the manufacturers and the local vendor for the SIEM solution as per the requirements and conditions
of this document.
6. The installation and configuration of all systems within this contract as per the requirements of this document and
the business requirements of Client.
7. Migration of existing SIEM from the physical hardware to the virtual environment.
8. Perform all the required configuration and fine tuning to make sure that the system will receive all the logs from
existing networks, security, servers/applications and Database infrastructure.
9. API Integration of SIEM solution with existing Client’s network, security and servers/applications infrastructure.
10. The full installation, License Activation, configuration and fine tuning of the proposed solutions to ensure its
compliance with UAE IA Standards requirements.
11. Integrate the proposed solutions with Client’s existing network and security infrastructure.
12. Provide management, support, and maintenance services which meet all the requirements listed in this document.
13. The Managed SIEM shall be able to identify information security threats/ vectors targeting Client's environment. It
must be able to prevent any impact or breach through implementation of adequate security mechanisms.
14. Incident Management: Reporting and logging of information security incidents. Track and monitor the closure of these
information security incidents and escalation of these incidents to appropriate teams/ individuals in Client, if required.
15. The vendor is responsible to perform 24x7x365 log monitoring and analysis for all Client business critical applications
and all devices involved in the transactions.
16. Information security incident management around the clock.
17. Rapid response to incidents.
18. Continuous security baseline improvement for the proposed solution.
19. Protection against identity theft and fraud, user behavior analysis and detecting suspicious transactions.
2.4 Non-technical specifications
Client recognizes that the service provider’s stability is of paramount importance and will take all factors into consideration in
order to prevent any corporate data or infrastructure compromise. Due to this fact, it is necessary to consider a number of
non-technical factors as part of the service provider selection process. The service provider should provide details about these
factors in their proposals. These factors will be used to evaluate the overall solution.
These factors include, but are not limited to:
1. Number of years (minimum four years) the service provider has been offering the proposed service.
2. Availability of local support.
3. Previous experience with the Client and other institutions.
4. Clarity of offer and material.
5. Implementation, training and knowledge transfer plan.
6. Service provider must provide the department with the information of the last two similar contracts with government
departments.
60 L2/L3 Switches
Routers, Switches, Wireless 1 Wireless Controller
5 Wireless Controllers
Additional Devices - 1 3 Vulnerability Assessment: 1 security scanner
(Security Scanner, PVS, LCE)
9. The service provider should enclose their security monitoring service SLA along with their technical proposal.
10. The service provider must provide security advisory reports based on the global and regional security threat profiles.
11. The service provider must be compliant with UAE Information Assurance Standards for the controls associated with
Incident Response & Monitoring.
12. The service provider must be ISO 27001 certified.
13. The service provider must have their SOC locally operated in UAE.
14. Notifications provided by the service provider’s SOC should be available via email and SMS.
15. The service provider’s SOC Team must have the technical expertise on the proposed SIEM solution provided in
response to this RFP and the ability to provide the first line of support for Client.
16. The service provider must provide subscription to an additional Threat Intelligence feed.
P2 – medium 4 Hours
P3 – low 24 Hours
3.3.6 The secondary Threat Intelligence Feed requirements
1. Licenses must start from year 2 after signing the contract.
2. Managed service provider must be able to integrate SIEM with the secondary threat intelligence.
3. Solution must be proposed as a virtual appliance; hardware components will not be accepted by Client.
4. Solution must have an automated means to curate Threat Intelligence Data, that is, the removal of false positives,
risk scoring, and aging out of IOCs.
5. Solution must be able to enrich IOCs with context, and provide the context along with any relevant output.
6. Solution must be able to bring in a variety of threat feeds in a variety of formats, including both premium and
open source providers.
7. Solution must have the ability to ingest and scrape phishing emails or any emails with IOC content.
8. Solution must be able to provide functionality as both a STIX/TAXII client and server, allowing for both ingestion
of TAXII feeds and the output of data to various TAXII-capable technologies.
9. Solution must be able to visualize and extract reporting functionality, such as subsets of IOCs from the platform,
as well as matches from Integrations.
10. Solution must have capability to accept imports in both structured and unstructured format, and provide scoring
visibility on the data.
11. Solution must have the ability, in a sensible way, to track new threats and add new Intel to an open investigation
where other members can collaborate.
12. Solution must have a graph-like relationships tool built in to visualize and explore connected associations.
13. Solution must have a foundation for associating descriptions of TTPs, Campaigns, Cyber Incidents, Actor profiles,
and IOCs with each other. This will include out-of-the-box information but also the ability to author similar content
internally.
14. Solution must provide a secure, vetted, and user friendly means to share and receive threat data from relevant
organizations.
15. Solution must contain a lookup method for searching across all data for specific keywords. These searches can
come in the form of Actors, threat types, or indicators themselves. It is preferable that these searches can be saved
for ease of use.
3.3.7 Proactive Services:
Ability to use the IR retainer in proactive services such as:
1. Active threat assessment.
2. Table Top Exercise.
6 Evaluation Criteria
Total 100%
- Only technically accepted suppliers that have a total of 70% or more in the technical
evaluation will be accepted.
- In case the supplier does not get 70% or more in the technical evaluation, it will not be
eligible for financial evaluation.