VITL is seeking written proposals from managed service providers with experience establishing a SIEM capability across multiple unique system environments and cloud tenants. The service must operate on a 24/7/365 basis and adhere to federal privacy and security requirements, including (but not limited to) National Institute of Standards and Technology (NIST) SP800-53, and the Health Insurance Portability and Accountability Act (HIPAA). The service should align with, and support VITL in, achieving the expectations of the Minimum Acceptable Risk Standards for Exchanges (MARS-E) framework. These services will be used to augment VITL’s staff in the implementation of various project specific security requirements; key requirements would include:
• Implement a centralized log management system for aggregation of events from cloud infrastructure platforms, on-prem Infrastructure, network devices, databases, applications etc.
• Utilize Industry standardized tools to proactively scan in scope assets for common vulnerabilities.
• Network based port scans
• Operating system based software vulnerabilities
• Configuration best practices
• Historical event data must be maintained for a minimum of 18 months
• Event data must be accessible and searchable to VITL users through a web portal (read-only)
• The volume of event data is expected to be between 1.5TB and 3TB monthly.
• Event data must be always stored within the United States.
• The service must include a 24/7/365 SOC monitoring capability
• SOC analysts must be located within the United States.
• Detection of anomalous or malicious activity must be reported rapidly to VITL.
