PROJECT OVERVIEW AND BACKGROUND - · Web viewTwo Cisco SSM-40 IPS ... Electronic submission must be Adobe Acrobat or Microsoft Word ... What has the actual performance result been

REQUEST FOR PROPOSAL

No. 5907

FOR

NEXT GENERATION FIREWALL

Proposals Due: Thursday, June 25, 2015 at 2:00 P.M.

Submit Proposal to:

Macomb Community CollegePurchasing Department14500 Twelve Mile Road

Warren, MI 48088-3896 – Mailing [email protected]

Request for Proposal No. 5907 Released May 7, 2015

Dennis CostelloPurchasing Administrator

(586) [email protected]

mailto:[email protected]


MACOMB COMMUNITY COLLEGERFP No. 5907


TABLE OF CONTENTS

1 PROJECT OVERVIEW AND BACKGROUND..........................................................41.1 Project Overview.........................................................................................41.2 Background Information..............................................................................41.3 Macomb Community College’s Technical Infrastructure.............................5

PROPOSAL INSTRUCTIONS AND CONDITIONS..........................................................71.4 Intent...........................................................................................................71.5 Schedule of Events.....................................................................................71.6 Proposal Clarifications................................................................................71.7 Deadline for Proposals...............................................................................71.8 Requirements for Signing Proposal............................................................81.9 Examination of Work Site...........................................................................81.10 Security Bond.............................................................................................81.11 Proposal Response Format........................................................................81.12 Confidential Information..............................................................................81.13 Right to Request Additional Information.....................................................91.14 Proposal Preparation Costs........................................................................91.15 Standard Forms and Contracts...................................................................91.16 Selection Criteria........................................................................................91.17 Selection Process.....................................................................................101.18 Federal or State Sales, Excise or Use Taxes...........................................101.19 Right of Refusal........................................................................................101.20 Turnkey Solution.......................................................................................101.21 Proposal To Become Part of Agreement..................................................111.22 Confidential Information............................................................................11

2 PROPOSAL RESPONSE FORMAT.......................................................................122.1 Introduction...............................................................................................122.2 Executive Summary (Section 1)................................................................122.3 Company Background (Section 2)............................................................122.4 Proposed Solution Summary (Section 3)..................................................132.5 Implementation Plan (Section 4)...............................................................132.6 Implementation Support and Maintenance (Section 5).............................142.7 License and Maintenance Agreements (Section 6)..................................142.8 Cost Quotations (Section 7)......................................................................142.9 List of Clients and References (Section 8)................................................152.10 Technical and User Documentation (Section 9).......................................152.11 Exceptions/Deviations from Proposal Requirements (Section 10)............15

3 SCOPE OF WORK.................................................................................................164 GENERAL CONDITIONS.......................................................................................32

4.1 Macomb Community College Locations...................................................324.2 Vendor as Independent Contractor...........................................................324.3 Conflict of Interest/Disclosure...................................................................324.4 Use of Qualified and Experienced Personnel...........................................324.5 Equal Opportunity Employer.....................................................................324.6 Compliance with Rules and Regulations..................................................33

Page



4.7 Site Damage.............................................................................................334.8 In the Event of an Accident.......................................................................334.9 Non-interference with Institution Operations.............................................334.10 Site Inspection and Clean Up...................................................................334.11 Campus Identification Required................................................................344.12 Responsibility for Personal Property.........................................................344.13 Copyright Indemnity..................................................................................344.14 General Indemnity....................................................................................344.15 Risk During Equipment Storage and Installation......................................354.16 Submitting Disputes to Arbitration.............................................................354.17 Advertising / Permission...........................................................................354.18 Survival Clause.........................................................................................354.19 Governing Law..........................................................................................354.20 Entire Agreement......................................................................................364.21 Effect of Regulation..................................................................................364.22 Termination...............................................................................................364.23 Assignment...............................................................................................364.24 Performance Bond....................................................................................374.25 Ownership of Documents..........................................................................374.26 Employment of Other Vendors, Specialists or Experts.............................374.27 Warranty of Fitness for a Particular Purpose............................................374.28 Final Acceptance of the System...............................................................384.29 Non-Collusion Covenant...........................................................................384.30 Vendor Not an Agent of Institution............................................................384.31 INSURANCE.............................................................................................38

5 Appendix – Campus Maps......................................................................................416 Appendix “B” – Mandatory Bid Response Form......................................................44

Page



1 PROJECT OVERVIEW AND BACKGROUND

1.1 Project Overview

Macomb Community College located in Warren, Michigan is accepting competitive sealed proposals from qualified companies for a Next Generation Enterprise Firewall System with extensive experience in Enterprise Firewalls. MCC desires a "defense in depth" strategy: the deployment of multiple IT security defense mechanisms between adversaries and their targets including both protection and detection methods. The proposed system must meet MCC needs for the next five (5) to ten (10) years. The goals of this RFP are to increase visibility and understanding of applications and network flows; expand traffic control options beyond mere “allow/deny”; mitigate vulnerabilities and identify threats; eliminate the need to compromise between performance and security; reduce overall security costs; and simplify risk management.

The desired system must meet all of the mandatory minimum technical requirements as described under “Mandatory Minimum Requirements” in section #4.

In addition, MCC requires: Professional services for implementation of the chosen system Professional Services for post-implementation enhancements or support not covered

but listed below A unified Next Generation Enterprise Firewall system which meets or exceeds MCC

Mandatory Technical Requirements Immediate Training and Documentation as well as access to additional Training and

Documentation as required Enhanced Hardware/Software Warranty, Maintenance and Technical Support.

The project’s requirements are more fully described in Section 4 below.

1.2 Background Information

Located in Southeastern Michigan, Macomb Community College (MCC) is the second largest community college in Michigan serving more than 43,000 degree-credit students pursuing coursework annually in 39 buildings on four campuses within Macomb County. MCC has been fully accredited by the North Central Association of Colleges since 1970. MCC offers pre-college programs, continuing and professional education programs, customized workforce training and many cultural and community service programs.

MCC is governed by 7 elected trustees and administered by approximately 1,900 staff, including 1,000 faculty members. Community outreach efforts consist of a large compliment of community education and professional certification courses. Rounding out the programming is the Macomb Center for the Performing Arts, the Cultural Center and the John R. Dimitry Student Community Center on our Center Campus, the John Lewis Student Community Center and the 61,000-square-foot Sports & Expo Center on South

Page 4



Campus, a Workforce Development Institute, and the Public Service Institute (Police and Fire Academies).

1.3 Macomb Community College’s Technical Infrastructure

The technology environment can be described as follows:Communications and Networking

Cisco Gigabit Ethernet backbone, soon to be upgraded to 40Gig. Specific to this RFP, the current firewall and IDS/IPS configuration in use:

o Two Cisco ASA 5540 appliances configured in a H/A pairo Two Cisco SSM-40 IPS Modules configured in a H/A pairo Cisco WS-SVC-IDSM2o Cisco IronPort 370 Web and Cisco Ironport C370 Email Security units

Dedicated fiber plant between buildings. Dedicated redundant fiber between South and Center campuses. Fiber to East and MTEC campuses.

Systemax Gigaspeed copper cable from MDF/IDF to office and classroom locations; about 9,000 total drops.

Aerohive wireless network of 950 access points are deployed in the public areas of South and Center Campus.

Cisco IP telephony system. Includes Unity voice mail, CER, paging application and more.

Microsoft Exchange 2013 email system tied to Cisco Unity voice mail. Approximately 90 network servers (combination of standalone and virtual machines

on a Microsoft Hyper-V infrastructure) in a native-mode Active Directory environment running Windows 2008R2 and Windows 2012R2 operating systems. Examples include web, print, network control, database, storage and application servers.

Internet connection is through a dedicated (and redundant) 1 Gb fiber connection to the MERIT backbone. Bandwidth shaping and traffic control is accomplished with Exinda bandwidth shaping and Cisco IronPort devices.

Business Applications Ellucian Colleague system used for Finance, Human Resource, Payroll and all

Student records sub-systems, such as Admissions, Grading, Registration, etc. Results Plus system used for Fund Development. Ellucian systems run on the Unidata database system. Ungerboeck (USI) Event Business Management System (EBMS) for Conference &

Events management. Web services are provided through several servers. www.macomb.edu provides

general college information to the public, Ellucian’s webadvisor and SharePoint-based portal system provides registration and student records access to students, our intranet site provides college information to its employees, Ungerboeck’s EBMS web server provides information to Conference & Events clients, www.macombcenter.com provides information for performing arts patrons.

Students can use a web-based system to register, check schedules, pay bills, check grades, etc.

Page 5

http://www.macombcenter.com/

http://www.macomb.edu/



Staff Workstations and Printers Staff workstations and printers are all network connected to 100Mbs/1Gig Ethernet

ports. Workstations run Windows 7. A very small number in the Graphics department are Apple Macs.

Approximately 50% of staff computers are laptop computers. Faculty and instructional staff are given a choice between desktops and laptops, and administrators primarily use laptops.

Office 2010/2013 is the office productivity bundle used by staff. All staff workstations have anti-malware protection updated continuously when

connected to the College’s network or the public Internet.

Other Classroom mediation and presentation systems of various age and feature sets

supported by Extron and Crestron control systems.

Page 6



PROPOSAL INSTRUCTIONS AND CONDITIONS

1.4 Intent

It is the intent of Macomb Community College through this Request for Proposal and contract conditions contained herein, to establish to the greatest extent possible, complete clarity regarding the requirements of both parties to the Agreement resulting from the Request for Proposal. Providers (Vendors) with relevant experience and the ability to provide the necessary services in a timely fashion are encouraged to apply.

Specifications for the proposal are listed herein. All proposals must be for material, labor and services that meet or exceed all specifications described. Proposals for services that deviate from these specifications may be considered invalid.

1.5 Schedule of Events

EVENT Date

Deadline for Submitting Clarifications May 28, 2015

Deadline for Proposals and Public Opening June 25, 2015 @ 2:00 P.M.

Board of Trustees funding approval (anticipated)

August 18, 2015

Installation See Section #4

1.6 Proposal Clarifications

Clarifications will be accepted via e-mail until the cut-off period and include vendor name, contact name, phone number, e-mail address and reference to the line and Section/Subsection number(s) being addressed. Responses to clarifications will be shared with all organizations that were invited to submit a proposal, but without identifying the source of the inquiry. Macomb Community College will not be bound by any oral responses. E-mail questions to:

Dennis Costello, Purchasing AdministratorMacomb Community College14500 E. 12 Mile RoadWarren, Michigan 48088Email: [email protected]

1.7 Deadline for Proposals

Proposals will be received at the Purchasing Department Office, 14500 E. 12 Mile Road, Warren, Michigan 48088 (mailing address), 16000 Hall Road, Clinton Twp, MI 48038 (office location) or [email protected] (e-mail address), until 2:00 P.M. on Thursday,

Page 7




June 25, 2015 at which time and place proposals will be publicly opened. Proposals submitted via email, should not include any zipped or executable files as these will be blocked by the College’s security system and may not be considered as received on time. See Section 6 Appendix for a map of South Campus and location of the Purchasing Department Office.

Vendors are required to prepare and submit, at their own cost, one signed original and two copies of the original proposal. Submission must include the Vendor’s full response including all attachments, product services and specifications, and required Vendor documentation. Electronic submission must be Adobe Acrobat or Microsoft Word format. Vendors are encouraged to submit each proposal response under single cover (preferably soft sided).

The outside of the envelope must identify name of Vendor and address of the party that received the RFP, and the name of project for which the proposal is submitted (see title page).

1.8 Requirements for Signing Proposal

Each Vendor, by making a proposal, represents that this document has been read and is fully understood.

The proposal must be signed in ink by an individual authorized to legally bind the person, partnership, company or corporation submitting the proposal.

All manual signatures must have the name typed directly below the line of the signature.

1.9 Examination of Work Site

All respondents are expected to have examined the premises and project site prior to submitting their proposal. Failure to do so will not relieve the successful Vendor from providing any product or performing any labor or services that may be required to carry out the intent of the contract.

1.10 Security Bond

A Security Bond is not required for this project.

1.11 Proposal Response Format

Proposals must follow the format designated in Section 3. Proposals not complying with this format may be considered non-responsive and may be removed from consideration on this basis.

1.12 Confidential Information

Page 8



Information contained in proposals may be subject to FOIA (Freedom of Information Act) requests.

1.13 Right to Request Additional Information

MCC reserves the right to request any additional information, which might be deemed necessary after the completion of this document.

1.14 Proposal Preparation Costs

The Vendor is responsible for all costs incurred by the Vendor or his/her subcontractors in responding to this request for proposal.

1.15 Standard Forms and Contracts

Any forms and contracts the Vendor proposes to include as part of any agreement resulting from this proposal between the Vendor and MCC must be submitted as part of the proposal. Any forms and contracts not submitted as part of the proposal and subsequently presented for inclusion may be rejected. This requirement includes, but is not limited to, the following types of forms: subcontractor, franchise, warranty agreements, maintenance contracts, and support agreements.

1.16 Selection Criteria

Vendors will be evaluated based on the following selection criteria:

1.16.1 Compliance to SpecificationsA. Submission deadline complianceB. Proposal formatC. Completeness of information supplied

1.16.2 ExperienceA. Success with similar projectsB. Experience with similar tools and applicationsC. Pertinent experience, qualifications, certifications and past performance of proposed

personnel that will be directly involved in providing services, including SubcontractorsD. Experience in similar college environmentsE. Ability to provide timely on-site services, problem resolution and telephone supportF. Ability to provide training and comprehensive documentationG. General impression of Vendor’s ability to successfully provide the required servicesH. Credentials of actual installation team members.

1.16.3 Proposal Price and ValueA. Alignment of response to the College’s need

Page 9



B. The ability of equipment to interoperate with existing systems or those of a different manufacturer should one vendor offer products more appealing to the College

C. Management system featuresD. Comprehensiveness of reportingE. Labor rates and other charges or expensesF. Value of the proposal to MCCG. CostH. Continuing costsI. Preference will be given to installation Vendors/resellers that maintain a local office and

retain key staff residency within 40 miles of Warren, MI J. Reference checks

1.17 Selection Process

A. MCC staff will evaluate, rate and select the winning Vendor based on the written information provided in the proposal.

B. Vendors may be required to participate in a presentation and interview process where MCC representatives will further inquire about the firm’s qualifications and experience. Vendors may also be asked to provide a brief overview of their company, key personnel and how they would approach providing services.

C. If MCC is unable to successfully negotiate and execute a contract for services with the company offering highest ranked proposal, MCC reserves the right to interview the second-ranked proposal.

1.18 Federal or State Sales, Excise or Use Taxes

Vendors shall include all applicable taxes, (Federal, State, and Local) in the proposal price. Macomb Community College is exempt from State Sales Tax.

1.19 Right of Refusal

Macomb Community College reserves the right to reject any or all proposals, either in whole or in part, or to waive any informalities or irregularities therein that are in the best interest of MCC.

1.20 Turnkey Solution

The proposal price will be the total dollar amount of all services, material, equipment and labor described herein inclusive of warranties and shipping FOB Macomb Community College. The proposal amount is to be held firm for at least ninety days from the proposal opening date scheduled for June 25, 2015.

All prices quoted must include all equipment necessary to make the system specified fully operational for the intent, function, and purposes stated herein.

Page 10



1.21 Proposal To Become Part of Agreement

This RFP, Vendor’s response and any subsequent written communications, along with any formal, signed agreement will become part of the contract documentation governing performance of this project. Where conflicts exist, the later dated document will govern.

1.22 Confidential Information

Information contained in the vendor’s proposal that is company confidential must be clearly identified in the proposal itself. Macomb Community College will be free to use all information in the vendor’s proposal for the owner’s purposes.

Page 11



2 PROPOSAL RESPONSE FORMAT

2.1 Introduction

To facilitate the analysis of responses to this RFP, vendors are required to prepare their proposals in accordance with the instructions outlined in this section.

Proposals shall be prepared as simply as possible and provide a straightforward, concise description of the vendor’s capabilities to satisfy the requirements of the RFP. EMPHASIS SHOULD BE PLACED ON ACCURACY, COMPLETENESS, AND CLARITY OF CONTENT. All parts, pages, figures, and tables should be numbered and labeled clearly. The proposal should be organized as follows:

Section Title

1 Executive Summary2 Company Background3 Proposed Solution Summary4 Implementation Plan5 Implementation Support & Maintenance6 License & Maintenance Agreements7 Cost Quotations (using the bid response form from

Appendix “B”)8 List of Clients & References9 Technical & User Documentation10 Exceptions/Deviations from Proposal Requirements

Instructions relative to each part of the response to this RFP are defined in the remainder of this section.

2.2 Executive Summary (Section 1)

This part of the response to the RFP should be limited to a brief narrative not to exceed two (2) pages, describing the proposed solution. The summary should contain as little technical jargon as possible, and should be oriented toward non-technical personnel. The Executive Summary should not include cost quotations.

2.3 Company Background (Section 2)

Vendors must provide information about their company so that Macomb Community College can evaluate the vendor’s stability and ability to support the commitments set forth in response to the RFP. The Vendor should outline the company’s background including a brief description (e.g., past history, present status, future plans, company size, etc.). This section should also include a brief description of the company’s experience performing services similar to those described herein and the type of work in which the vendor specializes.

Page 12



Vendor may be required to submit audited financial information for the two (2) most recently completed fiscal years, which includes income statements, balance sheets and statement of cash flows.

Privately held companies wishing to maintain confidential financial information must provide information detailing the company’s long-term stability.

2.4 Proposed Solution Summary (Section 3)

Describe how vendor will address all of the requirements included in Section 4 – Scope of Work. Include descriptions of the approach, any proposed hardware and software applications, sample designs, and prototypes that describe your recommended solution.

Also, identify and provide resumes of personnel to be directly involved with providing the products and/or services that are proposed herein, including:

1. Project Manager 2. Network Engineer 3. Firewall Engineer4. Other personnel. List all relevant experience and qualifications of other personnel

within your company that might be expected to provide services to MCC.5. Subcontractors. List all relevant experience and qualifications of any known

subcontractors that might be expected to provide services to MCC in partnership with your company.

Also provide a listing of any pre-existing conditions required of Macomb Community College to begin work on the project, and a list of decisions that will need to be made by the College before the project can begin. Describe any requirements for housing Vendor staff during the project, at Macomb Community College.

2.5 Implementation Plan (Section 4)

Provide a general work breakdown structure with a timeline and each milestone and decision point identified.

The implementation plan should also include the overall project organization structure with key vendor and client staff identified. Describe the roles and responsibilities of College staff, their qualifications and required experience in previous projects.

Describe requisite training, including training for the project team and training for end-users that are part of the recommended solution. Specify where and when the training will be provided during the implementation process. If training can be offered at either Macomb Community College or the vendor’s site, specify the requirements for the on-site training and any cost variations for each option.

Page 13



In addition, describe any migration plans, or data conversions that will be part of the project solution.

2.6 Implementation Support and Maintenance (Section 5)

The vendor must give a detailed description of the level and extent of all support to be provided during and after the implementation. Show any costs associated with this support in Section 7, Cost Quotations.

The vendor must specify the nature, costs and conditions of any post-implementation support options including:

On-site support Telephone support – include the minimum response time provided as part of the

basic support agreement and average response time for the past twelve (12) months.

Delivery method of future upgrades and product enhancements. Hardware and database Frequency of upgrades Availability of user groups Escalation options and procedures

Indicate who is responsible for each of the support options provided above.

2.7 License and Maintenance Agreements (Section 6)

Sample license and maintenance agreements should be provided in this part of the vendor’s response for all components of the recommended solution (i.e., hardware, software, operating system, database, etc.).

2.8 Cost Quotations (Section 7)

All costs must be itemized and included as Section 7 of the vendor’s response. The vendor’s cost quotation must include all costs (e.g., license fees, modifications, training, travel and per diem, installation, documentation, discounts, etc.). In the event the product or service is provided at no additional cost, the item should be noted as “no charge” or words to that effect.

If the entire project cannot be quoted at a fixed price, describe the portions of the project that can be delivered at a fixed price. Include a description of all deliverables. Include a description of each item or service that will not be part of a fixed cost. Show the item/service, the cost/rate and the unit (for example, Training at $100 per day). If there are continuing/annual costs for any item, indicate that also. It is the College’s intent to establish known costs before a final contract is completed. For all variable priced items, describe how costs will be constrained and managed.

Page 14



2.9 List of Clients and References (Section 8)

Vendors must provide at least three references from clients that are similar in size and complexity to Macomb Community College and the scope of the project contemplated. Include a brief description of the scope of your engagement with the referenced client, and a contact person with appropriate contact information.

2.10 Technical and User Documentation (Section 9)

During the evaluation period, the vendor will provide one set of technical documentation and user documentation to Macomb Community College. At the end of the evaluation, the documentation will be returned to the vendor.

2.11 Exceptions/Deviations from Proposal Requirements (Section 10)

If the vendor finds it impossible or impractical to adhere to any portion of these specifications and all attachments, it shall be so stated in its proposal, with all deviations grouped together in a separate section entitled, “Exceptions/Deviations from Proposal Requirements.” This section will be all-inclusive and will contain a definition statement of each and every objection or deviation with adherence to specific RFP sections. Objections or deviations expressed only in other parts of the proposal, either directly or by implication, will not be accepted as deviations, and the vendor in submitting a proposal will accept this stipulation without recourse.

Page 15



3 SCOPE OF WORK

The purpose of this RFP is to solicit vendors for a Next Generation Enterprise Firewall System that will assist the College with its defense in depth strategy.

The solution shall include all equipment, installation, configuration services, end-user training and 40 hours of additional POST-installation ad-hoc (normal business hours) support/consulting services. Post-install support hours shall not be used by vendor for initial installation and configuration services and shall be consumed by the College after signoff of a

This enterprise security system will replace current external and internal firewalls used at MCC and must be configured to function as a high availability pair and operate independently upon inter-campus communications link failure or equipment failure of one of the pair.

The primary unit will be installed at the College’s Center Campus data center, the secondary system installed at the college’s south campus datacenter.

The system shall also function as an Intrusion Protection/Intrusion Detection device. The system must correctly classify all traffic and then determine source/destination and

affect change to the stream if necessary. Installation:

o PREFERENCE: New firewalls are installed, configured and run concurrently without disrupting existing systems and a smooth, controlled migration is staged over several weekends.

o If a hard (disruptive) cutover is necessary, installation must take place between December 26, 2015 and December 31, 2015.

o Cutover or disruptive activities must occur between 10 PM and 6 AM Mon-Sat and 10 PM through noon Sat evening/Sun AM. At no time shall the installation/implementation/configuration impact normal College operations (i.e. network connectivity or performance) outside those hours. 24 hour notice (minimum) must be given prior to any work that might disrupt the College’s network so that users can be adequately warned.

The Next Generation Enterprise Firewall system must: identify threats regardless of port, protocol, evasive tactic or SSL; identify users regardless of IP address; protect in real-time against threats embedded across applications; fine-grained visibility and policy control over application access/functionality; and multi-gigabit, inline deployment with no performance degradation AND must meet the following requirements:

Mandatory Minimum Requirements

Functionality Yes No Notes

Page 16



1.

To insure optimal performance for delay and jitter-sensitive applications such as VOIP, High Definition video, and future real-time sensitive applications; the Next Generation Enterprise Firewall will process all data for all active services as a single stream to minimize delay and jitter.

2.

To prevent evasive tactics used by modern hackers and malware, the Next Generation Enterprise Firewall will be port agnostic and analyze all data on all ports all the time for applications identification.

3.

To reduce administrative costs, overhead, and human error, the Next Generation Enterprise Firewall will simplify management by having a single user interface for configuring policy for all running features.

4.

To maximize the granularity of security policies, the Next Generation Enterprise Firewall will allow policy creation and enforcement based on any combination of date, time-of-day, ingress and egress hardware port, ingress and egress software port, application identification, user identification, locations, and content identification.

5.

All required performance specifications will be from published public sources from production environments with all required features and applications simultaneously active.

6. To prevent evasive users and applications from bypassing security functions, all product functions for IPS, Threat Prevention, and Anti-Virus will not require specific software port and protocol combinations for detection,

Page 17



mitigation, or enforcement.

7.

To insure consistent costs for the lifetime of the project, all pricing will be based solely on annual licensing for the hardware/services and bandwidth/throughput supplied by the quoted appliance. Per user or per object pricing for licenses will not be considered.

8.

Attackers are intelligent and are building malware and attack toolkits that use encrypted channels like SSL to carry sensitive data and bot commands – does your system have enhanced visibility for both internal and remotely originating traffic?

9.

Does your system allow view only capability of ports based on user privileges, or does every user have administrator privileges?

10.Visibility into encrypted and unknown traffic?

11.Application identification and control?

12. Identify and control circumventors?

13.Decrypt outbound and inbound SSL?

14.

How much throughput with real world traffic can your device handle with SSL decryption turned on?

15. Provide application function control?16. Deal with unknown traffic by policy?

17.Scan for viruses and malware in allowed collaborative applications?

18.Enable the same application visibility and control for remote users?

19.

Deliver the same throughput and performance with application control active?

20.

Provide edge security to separate Local Area Network from Public Internet?

21. Handle Intrusion Prevention/Intrusion Detection; with both in-line IPS and span/tap IDS

Page 18



capability?22. Handle URL Filtering? (Yes/No)

23.Ability to handle multiple VPN sessions?

24. Ability to provide in-depth reporting?

25.

Ability to limit or disable specific applications, categories or traffic flows?

26.Ability to handle a internet connection of up to 10GB p/s?

27.Ability to work with Standards based protocols?

28. VoIP Compliant (Cisco)?29. H323 Compliant?30. H225 Compliant?

31.Support for TACACS and RADIUS AAA protocol?

32. Multi-cast Compliant?33. IPv4 and IPv6 compliant?

34.Provide high availability with load balancing?

Other Features Requested

Management:


1.

Able to able to authenticate users via LDAP or Active Directory Integration for Administration and End-User capabilities?

Content Filters:


1.Ability to manage and set custom content filters to fit our organization?

2.

Be able to discover and re-write hyperlinks for blacklisted and known malicious sites or URLs?

Page 19



3.Scan the body of a message for certain word(s) or phrase(s)?

4.Is it possible to be able to set certain content filters to expire off of the system?

5.

Be able to set actions on how to handle a particular message if it matches a certain filter?

6.

Be able to notify an administrator when a message has been detected by a content filter?

Configuration:

FunctionalityYes No

Notes

1.

Company will assist in setup and configuration of product when brought into the organization.

2. Provide administrator/end-user training.3. Can your product determine geo-location?

Maintenance/Support:


1.Ability to provide 24/7 hardware/software support.

2.Hardware/Parts replacement within 24 hour window.

Methodology/Operations:

Functionality Notes

Application Visibility and Control

1. Many applications can evade detection

Page 20



using non-standard ports, port hopping, or by being configured to run on a different port. It is important to determine if the application identification mechanisms port-agnostic or are they dependent upon specific application ports. Are the signatures dependent on a specific port or range of ports, or are they applied automatically to all ports, all the time?

2.

When traffic first hits the device, is it first classified based on port (this is port 80, therefore it is HTTP) or application stream inspection?

3.

Describe in detail how the device can accurately identify applications. Are signatures the only mechanism, or are other elements such as decoders, heuristics, and decryption used as a means of ensuring that all applications are identified?

4.

What mechanisms are used to detect purposely evasive applications such as Ultra-Surf or encrypted P2P?

5.

Is application state tracked and if so, how is it utilized to ensure consistent control? Give three examples of how application state is used in policy control.

6.

Is the identity of the application the basis of the firewall security policy, or is application control treated as a secondary policy element to manage?

7.

How often the application database is updated, and is it a dynamic update or a system reboot upgrade?

8.

Does the product support URL filtering? Describe the URL filtering database. Is the database located on the device or on another device or service?

9.

Describe/list any other security functions that can leverage the application information collected, including drilldown details and user visibility features.

10.

Describe the solution’s capability to inspect non-routed / non-inline bridged traffic? Does the solution support span/tap for intra-vlan inspection?

Page 21



Controlling Evasive Applications, SSL and SSH

11.Describe the process by which applications and protocols are identified on all.

12.

What mechanisms are used to identify purposely evasive applications such as UltraSurf or Tor?

13.

Describe how the product can automatically identify a circumventer that is using a non-standard port.

14.

What policy controls are available to selectively decrypt, inspect, and control applications that are using SSL?

15.Are bi-directional SSL identification, decryption, and inspection supported?

16.Is SSL decryption a standard feature, or at extra cost?

17.To handle SSL decryption is a dedicated device required?

18.

SSH is a commonly used tool for IT, support, and tech-savvy employees as a means of accessing remote devices. Is SSH control supported and if so, describe the depth of control.

Policy-based Application Enablement

19.

Describe how the application database hierarchy (flat, multilevel, other) exposes functions within the parent application for more granular enablement policies.

20.

Is stateful inspection traffic classification performed separately, prior to application identification and if so, describe how, once an application is identified, the changes in application state are monitored, tracked and made use of within the policy.

21.

Describe the levels of control that can be exerted over individual applications and their respective functions:

a.Allow.

b.Allow based on application, application

Page 22



function, category, subcategory, technology, or risk factor.

c.Allow based on schedule, user, group, port.

d. Allow and scan for viruses, application exploits, spyware, and drive-by downloads.

e.Allow and shape.

f.Deny.

22.

Can port-based controls be implemented for all applications in the application database so that an administrator can for example, force Oracle database developers over a specific port or range of ports?

23.

List all the enterprise repositories supported for user-based controls. Is an API available for custom or non-standard repository integration?

24.

Describe how policy-based controls are implemented by users and groups for terminal services environments.

Managing Unknown Applications

25.Provide specifics on how unknown traffic is identified, categorized and managed.

26.

What, if any, actions can be taken on unknown traffic (allow, deny, inspect, shape, etc.)?

27.Describe the recommended best practices for managing unknown application traffic.

28.Can custom application signatures or rules be created?

29.What is the process for submitting requests for new or updated application signatures?

30.Once an application is submitted, what is the SLA turnaround time?

31. Describe in detail what mechanisms are

Page 23



available to determine if the unknown traffic is malicious code?

Threat Prevention

32.How are threats prevented that are carried on non-standard ports?

33.

Describe which threat prevention disciplines (IPS, AV, etc.) are port-based as opposed to application-based.

34.

Can the threat prevention engine scan inside of compressed content such as ZIP or GZIP?

35.Can the threat prevention engine scan within SSL encrypted content?

36.

Describe the approach to controlling unknown vulnerabilities and unknown malware.

37.Describe the threat prevention research and development process.

38.List all threat discoveries over the last 12 months.

39.

List all public and nonpublic databases from which the solution collects vulnerability data.

Securing Remote Users

40.

Provide a detailed description, including all necessary components, of the available options for securing remote users.

41.

Describe the sizing requirements. How many users can be supported simultaneously?

42. Is the product transparent to the client?

43.Describe how performance in ensured for geographically distributed users.

44.

Describe how policy control over remote users is implemented (e.g., in the firewall policy, in a separate policy/device, other).

45.

List all features and protections provided by the remote capabilities (SSL, application control, IPS, etc.) 7. Management

Management46. Does device management require a

Page 24



separate server or device?

47.

What management options are supported, CLI? Browser? Fat-client? Centralized Server?

48.

What visibility tools outside of the log viewer and reporting, are available to enable a clear picture of the application traffic traversing the network?

49.List the network flow protocols supported (e.g., NetFlow, J-Flow,SFlow).

50.

Are visualization tools included as part of the base functionality, or are they extra cost/added licenses?

51.Are visualization tools deployed on-box, or are they a separate device/appliance?

52.

Provide a detailed description of the effort and steps required to begin “seeing application traffic” on the network.

53.

Can the application policy controls, firewall policy controls, and threat prevention features all be enabled in a single rule in the firewall policy editor?

54.

Describe the logging and reporting. Provide logging server sizing/EPS estimates for rule bases and feature sets.

55.

Is full log analysis available on-box, or is it an extra cost, added license, and separate device?

56.

Are reporting tools available to understand how the network is being used and to highlight changes in network usage?

57.Are they an extra cost, added license, and separate device?

58.

Describe how management access is ensured when the device is under heavy traffic load.

59.

Describe the relationship between individual device and centralized management of multiple devices.

Monitoring, Reporting, and Security Tool Integration

60.

Describe the Security Event Information Management platforms that the solution integrates with in a supported manner.

61. Describe the reporting mechanisms and

Page 25



formats supported (API, XML, Database, etc.).

62.List the supported log formats for log output to SIEM/log server.

63.

List compatible vulnerability scanning engine products for VM program integration.

64.

Describe all actions that the solution can take in an automated manner by integration with the supported SIEM products.

65.List supported Anti-Malware platforms for product integration.

66.

Does the solution support agent-based or agentless, API integration with Microsoft Active Directory?

67.

Does the solution support single-sign-on or active directory based security administrator login?

68.Does the solution support role-based-access control for administration?

69.

Provide a security model for user access, roles, and workflow assignment within the solution.

70.

Does the solution require a third party software stack (Java, .Net, etc.) for administration?

Performance

71.Is the product software-based, an OEM server, or a purpose-built appliance?

72.

What has the actual performance result been in a test environment that is representative of the target network environment?

73.What is the rated throughput of your top rated perimeter firewall?

74.What is your rated throughput on your top rated perimeter firewall for IMIX traffic?

75.

What is the throughput based on a real-world mix of traffic with application control enabled?

76. What is the throughput based on a real-world mix of traffic with application control enabled, and other security features

Page 26



enabled, such as URL filtering and Intrusion Prevention?

77.

What is the throughput based on a real-world mix of traffic with all application control, user and threat prevention options enabled?

78.

What is failback mechanism or pass through option in the event of a bad signature or inefficient rule? Will a non-performant IPS rule impact routing of non-IPS services?

Installation

79.

Describe in detail your company’s ability to provide network and firewall engineer support to assist MCC with the setup and configuration of the initial Next Generation equipment.

80.

Can your solution be deployed “transparent” to the network? Briefly explain the different deployment scenarios of how your solution can be positioned in the network.

81.

Describe in general the installation and configuration process you would use should MCC have you do the installation.

82.

Of the last 10 client installs, please provide the number of days each took from initial installation to a stable production go live date. Production go live date is when the customer signed off on acceptable performance, not the date traffic began to pass through the device.

Warranty

83.

Describe in detail the warranty for the proposed equipment including your company’s replacement policy if the device fails? (how long for replacement, additional cost for replacement device, etc.)

Maintenance/Support

Page 27



84.

Describe the different types of maintenance and support plans provided for the equipment and software being proposed. Is there a discount for multi-year contracts?

85.

Describe in detail how often regular software and firmware updates are made for the proposed equipment. Are these regular updates part of the maintenance plans described above?

86.

Describe if direct manufacturer technical support is available and if so, provide the costs associated with this support.

87.

Describe in detail your company’s ability to provide onsite repair of the proposed Next Generation equipment and software available to MCC.

88.

Vendor must have the ability to provide 24/7 support and be able to provide overnight hardware replacement services.

Training

89.

Describe in detail your company’s ability to provide onsite and/or online training available for the equipment and software. Provide what options are available to MCC for the training (onsite, online, etc.).

90.Vendor must provide forty (40) hours of training for four (4) MCC staff members.

MCC Network Diagram

91.

Please describe how you accomplish firewall clustering and how does recovery occur in the event of a hardware failure.

92.

Please describe how “soft” non-hardware related faults are addressed from an HA perspective in your solution.

93.Please describe how you handle hardware failures from an HA perspective.

94.

Please provide an overview of the hardware redundancy built into your proposed solution.

95. Please itemize the routing protocols your

Page 28



proposed solution supports from an interior and exterior routing perspective.

96.

When performance degradation thresholds are exceeded in the case of IPS does your system optionally have the ability to fail open or fail closed? Please describe all options as it relates to this?

97.Please describe your software upgrade process and the impact to end users.

98.

In environments with multiple routing paths exist please explain how your clustering solution does or does not address asymmetric routing.

99.

In order to cluster your Firewall solution spanning multiple data centers how many physical network connections are required?

100.Does your equipment support the use of DWDM optics natively?

101.How often are major software updates released?

102.

For any signature based updates for IPS etc., how are we notified? How often do updates come out?

103.Is out of band management capability available natively in your solution?

104.Please describe what management options are available in your proposed solution?

105.Please describe in detail your support for SNMP monitoring and which versions.

106.

Please explain how management of the proposed solution is accomplished and the levels of granularity that are available from a rights perspective within the environment.

107.

Please describe the methods utilized in your product to identify and reject anomalous behaviors or threats.

108.

Please list the types of threats your product is capable of addressing beyond typical items such as syn floods, etc.

109.Please describe how notifications can occur in the event of active security, device

Page 29



performance, or hardware failure scenarios.

110.

Does proposed solution detect and prevent automated attacks; hackers that scan for unprotected/unpatched vulnerabilities?

111.

How does the proposed solution identify the attacker, and how does the solution alert on attack?

112.What routing protocols does proposed solution offer?

113.

How does the proposed system scale? Does the system require additional card/modules or purchase of additional device to be clustered together?

114.Can a proposed system be ran in a single cluster?

115.

Can proposed system provide an active/active configuration and still be one cluster?

116.Does proposed system have the ability to be configured in multiple zones/contexts?

117.

Where is routing performed? Data plane, control plane, hardware, software, and what are the benefits in the proposed solution

118.

Does proposed solution have the ability to provide for role based users and how does proposed system handle role based users?

119.

Data sheets show max throughput, what is the imix figure for throughput as it relates to proposed solution?

120.Does proposed system have the ability to analyze application data?

121.How does proposed system classify application data and apply policies?

122.

Does proposed system have the ability to blacklist and whitelist traffic dynamically, how is this accomplished?

123.

Does proposed solution have the ability to provide visibility and protection against traffic that is encrypted via SSL?

124.Does proposed solution provide ability to scale from 1G to 40G interfaces, does it

Page 30



require additional hardware/upgrades?

125.

How does proposed solution handle VM protection? As host’s move, how does solution continue to protect as host may move to a new geographical location?

Page 31



4 GENERAL CONDITIONS

The topics in this section will inform potential vendors of typical language to be included in a contract resulting from this RFP.

4.1 Macomb Community College Locations

Locations pertinent to this RFP (Contract) include:

Center Campus 44575 Garfield Clinton Township, MI 48038

South Campus14500 E. 12 Mile Rd Warren, MI 48088

4.2 Vendor as Independent Contractor

This is not an Agreement of partnership or employment of Vendor or any of Vendor's employees by MCC. Vendor is an independent Vendor for all purposes under this Agreement.

4.3 Conflict of Interest/Disclosure

No company or corporation in which an employee of the College has a direct or indirect interest shall transact business with the College unless such interest is disclosed to the Purchasing Department prior to entering into any contract or agreement with the College. Further, the employee shall not take part in the negotiations for or approval of such contract or agreement.

4.4 Use of Qualified and Experienced Personnel

Vendor agrees at all times to maintain an adequate staff of experienced and qualified employees for efficient performance under this Agreement. Vendor agrees that, at all times, the employees of Vendor furnishing or performing any services shall do so in a professional, work-person like, and dignified manner.

4.5 Equal Opportunity Employer

Vendor shall be an equal opportunity employer and shall conform to all Affirmative Action and other applicable requirements; accordingly, Vendor shall neither discriminate nor permit discrimination in its operations or employment practices against any person or group of persons on the grounds of race, color, religion, national origin, age, or sex in any manner prohibited by law.

Page 32



4.6 Compliance with Rules and Regulations

Vendor agrees that all persons working for or on behalf of Vendor whose duties bring them upon MCC's premises shall obey the rules and regulations that are established by MCC and shall comply with the reasonable directions of MCC's officers. MCC may, at any time, require the removal and replacement of any of Vendor's employees for good cause.

In the event of such a removal, the Vendor shall, within fifteen (15) days, fill this representative vacancy. Regardless of whom the Vendor has designated as the representative, the Vendor organization remains the ultimate responsible party for performing the tasks and responsibilities presented in this Agreement.

4.7 Site Damage

Vendor shall be responsible for the acts of its employees and agents while on MCC's premises. Accordingly, Vendor agrees to take all necessary measures to prevent injury and loss to persons or property located on MCC's premises. Vendor shall be responsible for all damages to persons or property caused by Vendor or any of its agents or employees. Vendor shall promptly repair, to the specifications of MCC, any damage that it, or its employees or agents, may cause to MCC's premises or equipment; on Vendor's failure to do so, MCC may repair such damage and Vendor shall reimburse MCC promptly for the cost of repair.

4.8 In the Event of an Accident

Vendor agrees that, in the event of an accident of any kind, Vendor will immediately notify MCC's Police Department (586-445-7135) and thereafter, if requested, furnish a full written report of such accident.

4.9 Non-interference with Institution Operations

College's operations must continue uninterrupted throughout the completion of the work contemplated herein. Certain portions of the work must be performed and completed in such order as directed by MCC's representative as to permit the orderly operation of MCC's activities. Vendor shall review the work to assure that operations will not impede the utilization of the facilities.

4.10 Site Inspection and Clean Up

Prior to all field work and installation or upgrade of all related equipment, the awarded Vendor will visit and inspect the project premises in order to confirm the conditions under which the Work for this project is to be performed, and determine the availability of facilities for access, delivery, transportation and storage.

Page 33



Vendor at all times shall keep the premises free from accumulation of waste materials or rubbish caused by the Vendor’s operations. When the project is placed into service, the Vendor shall remove all such waste materials and rubbish from and about the Project premises as well as the Vendor’s installation equipment, machinery and surplus materials and restore all project premises back to the original condition as found when the project commenced.

4.11 Campus Identification Required

Vendor and its employees are required, each day while work is being performed on campus, to check in with Campus Security and receive the necessary campus identification.

4.12 Responsibility for Personal Property

MCC shall have no responsibility for the loss, theft, mysterious disappearance of, or damage to, equipment, tools, materials, supplies, and other personal property of Vendor, its employees, Subcontractors, or material persons.

4.13 Copyright Indemnity

The awarded Vendor shall indemnify and hold MCC harmless from any claim that a product or accessory or its use, infringes on another person or company’s patent, copyright, trade secret or other property right.

4.14 General Indemnity

To the fullest extent permitted by law, the Vendor shall indemnify, hold harmless, and defend Macomb Community College and its agents, employees, officers and successors, from and against any claims, causes of action, damages, losses and expenses, including but not limited to attorneys fees, arising out of or resulting in any way from Vendor’s performance of this contract, provided that such claim, cause of action, damage, loss or expense is attributable to bodily injury, sickness, disease or death to any person, including employees or agents of the Vendor, subcontractor, or construction manager, or to injury to or destruction of tangible property including loss of use resulting there from, but only if caused in whole or in part by a negligent act or omission of the Vendor, a subcontractor, the construction manager, anyone directly or indirectly employed by them or any for whose acts they may be liable, regardless of whether or not such claim, cause of action, damage, loss or expense is caused in part by a party indemnified hereunder. Vendor shall not be obligated to hold harmless, indemnify or defend Macomb Community College or its agents, employees, officers, or successors if any claim, cause of action, damage, loss or expense arises from the sole negligence or fault of a party indemnified hereunder.

Vendor shall assume the defense of Macomb Community College pursuant to the provisions of paragraph 5.16 within fourteen (14) days of receipt of written notice. Any legal cost or expense, including attorneys fees incurred by Macomb Community College for

Page 34



enforcement of its rights under paragraph 5.16 between the time by which Vendor should have assumed Macomb Community College’s defense and the time when Vendor assumes Macomb Community College’s defense shall be reimbursed by Vendor. Any legal cost or expense, including attorney’s fees, incurred by Macomb Community College in the successful prosecution of any litigation or arbitration seeking to enforce the provisions of paragraph 5.16 or in negotiating a settlement of such claim, shall also be reimbursed by Vendor.

4.15 Risk During Equipment Storage and Installation

Delivery shall be made in accordance with the implementation schedule referenced as part of this Agreement. It will be possible to allow for minor variances from this implementation schedule as mutually agreed upon by both parties and confirmed by prior written notice. The equipment shall be installed and placed into good working order by representatives of the Vendor. During the time period where the equipment is in transit and until the equipment is fully installed in good working order, the Vendor and its insurer shall be responsible for the equipment and relieve the College of responsibility for all risk of loss or damage to the equipment. In addition, Vendor shall hold the College and agents harmless from any risk of loss or damage arising out of occurrences during the installation of the equipment.

4.16 Submitting Disputes to Arbitration

Any dispute arising out of the performance of a contract between the parties may be submitted to arbitration only upon written consent of both parties.

4.17 Advertising / Permission

Vendor shall not use, in its external advertising, marketing programs, or other promotional efforts, any data, pictures, or other representation of MCC except on the specific written authorization in advance of MCC’s Purchasing Agent. Vendor will limit and direct any of its advertising on MCC’s premises to MCC’s student media and bulletin boards, and shall make arrangements for such advertising through the Student Activities Department. Vendor shall not install any signs or other displays anywhere on MCC's premises unless in each instance the prior written approval of MCC's Purchasing Agent has been obtained. However, nothing in this clause shall preclude Vendor from listing MCC on its routine client list for matters of reference.

4.18 Survival Clause

The terms, conditions, representations, and warranties contained in this Agreement shall survive the termination or expiration of this Agreement.

4.19 Governing Law

Page 35



This Agreement, and all matters or issues collateral to it, shall be governed by, and construed in accordance with, the law of the State of Michigan.

4.20 Entire Agreement

This Agreement constitutes the entire agreement between the parties and supersedes all prior agreements or understandings, written or oral, prior to signing of a contract.

4.21 Effect of Regulation

Should any local, state, or national regulatory authority having jurisdiction over Macomb Community College enter a valid and enforceable order upon the College which has the effect of changing or superseding any term or condition of the Agreement, such order shall be complied with, but only so long as such order remains in effect and only to the extent actually necessary under the law. In such event, this Agreement shall remain in effect, unless the effect of the order is to deprive the College of a material part of its Agreement with the Contractor. In the event this order results in depriving the College of materials or raising their costs beyond that defined in the Agreement, the College shall have the right to rescind all or part of this Agreement (if such a rescission is practical) or to end the Agreement term upon thirty (30) days prior written notice to the Vendor. Should the Agreement be terminated under such circumstances, the College shall be absolved of all penalties and financial assessments related to cancellation of the Agreement.

4.22 Termination

In the event that that either party shall fail to maintain or keep in force any of the terms and conditions of this Agreement, the aggrieved party may notify the other party in writing via certified mail of such failure and demand that the same be remedied within ten (10) business days. Should the defaulting party fail to remedy the same within said period, the other party shall thereupon have the right to terminate this Agreement by giving the other party thirty (30) days written notice. Notwithstanding the foregoing, due to lack of State or County funding, MCC may at any time during the life of this Agreement, terminate same by giving thirty (30) days notice in writing via certified mail to Vendor. In addition, if at any time a voluntary petition in bankruptcy shall be filed against the Vendor and shall not be dismissed within thirty (30) days, or if the Vendor shall take advantage of any insolvency law, or if a receiver or trustee of the Vendor's property shall be appointed and such appointment shall not be vacated within thirty (30) days, MCC shall have the right, in addition to any other rights of whatsoever nature that it may have at law or in equity, to terminate the contract by giving (30) days notice in writing of such termination.

4.23 Assignment

This Agreement or any part thereof shall not be assigned or subcontracted by Vendor without the prior written permission of MCC; any attempt to do so without said prior permission shall be void and of no effect.

Page 36



4.24 Performance Bond

MCC may require the Vendor to furnish a Performance Bond and Labor and Material Payment Bond equal to 100 percent of the total amount payable by the terms of the contract by a qualified surety. If a bond is required, the Vendor will be reimbursed for the premium costs upon submission of proof of payment.

The Vendor shall deliver the required bonds to MCC within 15 days after award of the contract. If the work is to be commenced prior thereto in response to a letter of intent, the Vendor shall submit evidence to MCC that such bonds will be furnished prior to commencement of the Work.

Performance Bond and Labor and Material Bond form AIA Document A311/CM, June 1980 Edition is approved for use on this project.

The proposed bonding company of the Vendor shall be acceptable to MCC.

4.25 Ownership of Documents

All plans, studies, documents and other writings prepared by and for Vendor, its officers, employees and agents in the course of implementing this Agreement, except working notes and internal documents, shall become the sole property of MCC upon payment to Vendor for such work, and MCC shall have the sole right to use such materials in its sole discretion without further compensation to Vendor or to any other party.

4.26 Employment of Other Vendors, Specialists or Experts

Vendor will not employ or otherwise incur an obligation to pay other vendors, specialists or experts for services in connection with this Agreement without the prior written approval of MCC.

4.27 Warranty of Fitness for a Particular Purpose

The College has presented detailed technical specifications of the particular purpose for which the network and technology is intended. The College has provided detailed descriptions and criteria of how the system can be defined to accomplish a particular purpose. The College has also defined the exact procedures and techniques to be employed in testing whether the system has achieved the defined performance of this particular purpose. Given this advanced preparation concerning, and documentation about the College’s particular purpose, the Vendor at the time this Agreement is in force has (1) reason and opportunity to know the particular purpose for which products are required, and (2) that the College is relying on the Vendor’s experience and knowledge of these products to provide those which are most suitable and appropriate. Therefore, the Vendor warrants that the system is fit for the purpose for which it is intended as described in this document.

Page 37



4.28 Final Acceptance of the System

The system proposed shall be defined to be finally accepted by the College after the installation of the equipment and successful completion of the following performance examinations: system hardware and software examination and performance, software acceptance and documentation. The College and its consultants shall be the sole judge of whether all conditions for final acceptance criteria have been met.

4.29 Non-Collusion Covenant

The Vendor hereby represents and agrees that it has in no way entered into any contingent fee arrangement with any firm or person concerning the obtaining of this Agreement. In addition, the Vendor agrees that a duly authorized Vendor representative will sign a non-collusion affidavit, in a form acceptable to the College that the Vendor firm has received from College no incentive or special payments, or considerations not related to the provision of automation systems and services described in this Agreement.

4.30 Vendor Not an Agent of Institution

Macomb Community College retains all rights of approval and discretion with respect to the projects and undertakings contemplated by this Agreement. Vendor, its officers, employees and agents shall not have any power to bind or commit MCC to any decision.

4.31 INSURANCE

Before commencement of any work, a Certificate of Insurance executed by Vendor's insurance carrier showing required insurance coverage shall be submitted. An endorsement or statement waiving the right of cancellation or reduction in coverage unless thirty (30) days prior written notice is given to MCC by registered or certified mail shall be included.

As a condition of performing work for MCC, Vendor must provide satisfactory evidence of insurance coverage as follows:

A. Worker's Compensation and Employer's Liability Insurance - covering statutory obligations in the state(s) in which work is to be performed.

B. Automobile Liability Insurance - with a limit of $1,000,000 per accident covering owned, non-owned, and hired automobiles.

C. Commercial General Liability Insurance - written on an OCCURRENCE policy form that includes coverage for operations, personal injury, XCU (explosion, collapse and underground), independent Vendors, contractual, and products - completed operations with limits of liability as follows:

1. If policy is written on the 1986 ISO Simplified form:

Page 38



$1,000,000 Occurrence

$2,000,000 General Aggregate

$2,000,000 Product - Completed Operations Aggregate. If the Vendor's policy's general aggregate is per job, then a $1 million limit of liability is acceptable for the general aggregate and the products - completed operations aggregate.

2. If policy is written on a form other than the 1986 ISO Simplified form:

$1,000,000 Occurrence (bodily injury and property damage combined).

$1,000,000 Aggregate (applicable to products - completed operations only).

3. Products - completed operations liability must be maintained for not less than one year after start of service of work.

D. Other Requirements

Evidence of insurance coverage, required herein, is to be provided to MCC in ACORD Certificate Form 25 or 25-S and must indicate:

1. That Commercial General Liability insurance policy includes coverage for item specified in 5.31 C3 above.

2. A Best's rating for each insurance carrier at B+VII or better.

3. That the insurance company will provide 30 days written notice of cancellation to the certificate holder and other words “endeavor to” and “but failure to mail such notice shall impose no obligation or liability of any kind upon the company, its agents or representatives” do not apply or have been removed.

4. That “Macomb Community College” is additional insured on the General Liability policy certified.

5. Any deviation in coverage provided by the Standard 1986 IS0 Simplified General Liability policy form, and

6. Any deductible over $2,500 applicable to any coverage.

Page 39



E. Insurance Options

General Liability and Auto Liability limits may be attained by individual policies or by a combination of underlying policies with umbrella and/or excess liability policies.

Vendor may prevent unnecessary follow up resulting from incomplete insurance certificates, by sending or faxing a copy of these insurance requirements to Vendor’s agent when requesting an insurance certificate.

Page 40



5 Appendix – Campus Maps

Page 41



Page 42



Page 43



6 Appendix “B” – Mandatory Bid Response Form

TO: Macomb Community College June 25, 2015 14500 Twelve Mile Road Warren, MI 48088

ATTENTION: Purchasing Administrator

The contractor, in compliance with the Request For Proposal for the Next Generation Firewall having examined the RFP documents and being familiar with the site of the proposed project including the availability of materials and labor, hereby proposes to furnish and install all labor, materials, tools, equipment and all services to provide work described herein in accordance with the RFP documents for the amounts stated below.

Bid prices must be guaranteed for a minimum of 120 days from bid opening to allow for purchase authorization and contract development and not change no matter which implementation time period is chosen (staged over fall 20-15 or December holiday cutover per section #4) once a PO has been issued (within the initial 120 day period). This project requires purchase authorization by the College’s Board of Trustees and is subject to the timelines required to obtain such approval.

Bid MUST include a sample contract (if to be something other than the RFP itself) for review and for use in finalizing contract terms and conditions prior to Board of Trustees purchasing approval. If none is provided, then the RFP and purchase order shall serve as the binding contract.

Contractor, if awarded a contract, agrees to commence work upon receipt of a written “Notice to Proceed/Letter of Intent” / Purchase Order and to fully complete the work in a mutually agreeable time.

Contractor understands that the College reserves the right to reject any or all proposals and to waive any informalities therein.

9. BASE BID summary

Include all sections of this proposal response form in your submission. Mark non-participatory sections with “NO BID”.

9.1 Turnkey system install and three year maintenance/service contract:

Start-up & Implementation Services

All Hardware/equipment, software and license costs. All components MUST be itemized (expand table as required)

$

Page 44



One time, all inclusive, installation, set-up and configuration fee(s)

$

Not-to-exceed travel costs $Other reimbursable expenses $

Project Management fee(s), $

4 hr (8 AM – 6 PM) , 5 day (Mon-Fri) replacement warranty, year #1

$

Other (expand/detail as req’d) $

Total ONE TIME implementation costs $

Reoccurring ANNUAL costs

4 hr (8 AM – 6 PM) , 5 day (Mon-Fri) replacement warranty, years 2 & 3.

$

40 hours of on-site consulting/engineering/support (each year)

$

Not-to-exceed travel costs for on-site support hours above

$

Other charges (itemize) $

Total reoccurring annual cost $

9.2 Payment terms/schedule. No less than 30% shall be retained by the College until final system acceptance and sign-off is made by the College’s CIO and the Director of IT: Infrastructure and Networking. Vendor shall provide payment schedule below (expand/detail as required):____________________

Warranty

Vendor warrants that all services provided by Vendor will be performed in a manner consistent with generally accepted industry practices applicable to such services. MCC agrees to report any deficiencies in the services to Vendor within ninety (90) days of completion of the services in order to receive warranty remedies. MCC’s exclusive remedy for breach of warranty with respect to the services will be re-performance of the services. If Vendor is unable to re-perform the services as warranted, MCC will be entitled to recover the fees paid to Vendor for the deficient services in an amount not to exceed the total amount paid or payable for the services.

Page 45



Vendor warrants that at the time of delivery and for a period of thirty (30) days following acceptance by MCC of the particular deliverable, the deliverable will materially conform to the applicable specifications and acceptance criteria. During this period, Vendor will (as soon as reasonably practical and at no charge to MCC) furnish such materials and services as may be required to correct any nonconformity or defect in the deliverables and to maintain the deliverables in good working order in accordance with the applicable specifications and acceptance criteria. If within a commercially reasonable period of time Vendor is not able to correct the nonconformity or defect as warranted, MCC will be entitled to recover the fees paid to Vendor for the deficient services or deliverable in an amount not to exceed the total amount paid or payable for such services or deliverable.

The undersigned agrees to the provisions of contract documents and hereby affix authorized signature(s):

Signature(s):_____________________________________________________

Title:____________________________________________________________

Company Name:__________________________________________________

Address:________________________________________________________

City:__________________________State_________Zip Code____________

Telephone Number:________________ Fax Number:___________________

e-mail address: __________________________________________________

Print Name of Signature: __________________________________________

Date: ___________________________________________________________

IT IS MANDATORY OF ALL CONTRACTORS TO RETURN THIS SHEET FULLY COMPLETED WITH THEIR PROPOSAL.

Page 46