Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 1 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
DATE: 17 September 2020 updated on 22 October 2020 SUBJECT: INVITATION FOR BIDDING (IFB) 03/20 Procurement of Highly Secure System
for introducing and sharing files inside the organisation Dear Madam or Sir, Your company is hereby invited to participate in the Competitive Bidding for Procurement of Highly Secure System for introducing and sharing files inside the organisation for Headquarters Multinational Corps Northeast (HQ MNC NE), Baltic Barracks Ul. Łukasińskiego 33, Szczecin, Poland. The Bid Closing Date for this Invitation For Bidding (IFB) shall be at 12.00 hours (noon, Polish time) on 05 November 2020. In accordance with HQ MNC NE Procurement rules, the bid opening is not public and prices offered will be treated with confidentiality. A bidder who intends to participate in the bidding procedure must hold the industrial
clearance certificate 1st category valid through the contract performance.
Enclosed are the following documents:
a. Enclosure 5, Acknowledgement of Receipt b. The Invitation for Bid IFB 03/20 containing:
Part I : Bidding Instructions (this page) Part II : HQ MNC NE General Provisions (see webpage) Part III : Technical Specifications (next page) You are kindly requested to complete and return Enclosure 5 - ACKNOWLEDGEMENT OF RECEIPT. Further correspondence will be mailed only to those firms that have returned En-closure 5 and thereby have indicated their intention to participate in the bidding.
Best Regards Jan Glargaard Contracting Officer J-8/FINANCE DIVISION Headquarters Multinational Corps North East
Please visit our webpage via link below, for further information and future business opportu-nities.
https://mncne.nato.int/about-us/business-opportunities
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 2 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
P A R T III
Technical Specifications
Highly Secure System for introducing and sharing files inside the organization
System comprised of specialized software instances of:
I. Kiosk Module (software) – 2 licenses
II. File Exchange Module (software) – 1 license
III. Scanning Module (software) – 1 license
and hardware instances of:
IV. Workstation (hardware) – 2 pcs.
V. Monitor (hardware) – 2 pcs.
VI. Server (hardware) – 1 pcs.
VII. Disc Array (hardware) – 1 pcs.
System must provide English language interfaces. All software modules must come from the
same manufacturer and from the manufacturer's authorized sales channel in Poland.
Kiosk Module integrated with Scanning Module will offer a safe process for files stored on
external media devices entering into organization. This module will ensure that only files
that were not detected as a threat will be allowed inside the organization after scanning.
Client will run as a Windows service, and will monitor a dedicated endpoint for any insertion
of USB media, CD/DVDs and mobile phones via USB. Access to inserted devices will be
blocked until they have been scanned by Kiosk integrated with Scanning Module. When a
USB or disc is inserted, Client will prompt the user to decide how to handle the device.
File Exchange Module integrated with Scanning Module will offer a safe process for transfer-
ring files to and from organization as well as a safe way of storage and access to files coming
from Kiosk. System will ensure that only files that were not detected as a threat will be ac-
cessible.
After completion of works the contractor must provide as-built documentation
classified NATO RESTRICTED.
I. Kiosk Module (software) requirements – 2 licenses:
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 3 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
1. Module must be delivered as a licensing software and should be installed on a delivered
workstation connected to monitor
2. The supplied software will be in its current version. Subscription for the software license and
the manufacturer's support must be for 12 months
3. Ability to install on operating systems in 64-bit versions:
Windows 10
Windows Server 2016
4. Ability to unlock encrypted USB devices with a given password. Support for at least following
encrypted USB devices.:
IronKey S200, S1000, D250, D300
Kanguru Defender Elite 30, 300
Kanguru Defender 2000, 3000
Kingston Data Traveler 2000, 4000 G2
Kingston Data Traveler Vault Privacy 3.0
USB Flash Security
SanDisk Cruzer Enterprise FIPS Edition
SanDisk Cruzer Contour U3 based USB
Microsoft BitLocker (password based)
5. Media handling features should include the following:
ability to process drives with multiple partitions
ability to process full or partial media
ability to wipe/format USB drives
support for integration with File Exchange Module for uploading files for processing or
uploading/downloading processed files
ability to USB device soft eject
ability to CD/DVD eject
6. Kiosk Module user interface must be in English or Polish with the support of customizing or
adding other languages
7. Module must come with a variety of system hardening features for maximum security such
as:
Disable autorun
User exit by pressing ALT+F4 and/or entering the exit password
Block the ability to copy files to the Operating System
Block the ability to execute files on the Operating System
Run automatically on system startup
8. Management Console must allow creating a new user
9. Module must allow different options and workflows to different groups of users, at least:
manage users or groups assigned to workflow,
configure workflows with users,
configure workflows with groups,
10. Software must provide the ability to configure “User Questions” that will challenge end us-
ers to answer. Any required responses must be stored in the “User Question” section of the ses-
sion log
11. Support for processing files from Android and iPhone devices over USB interface
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 4 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
12. Support for USB whitelisting functionality to define a whitelist of USB devices that will be al-
lowed. Only USBs that match the whitelist will be allowed
13. The USB whitelist should include as many items as the administrator would like to define.
Any USB that has a device ID that either equals or contains any of the items in the whitelist will
be allowed
14. In order to specify custom secure file access criteria, Kiosk Module must integrate with
Scanning Module to use its capabilities:
Scan for malware with multiple antimalware engines
Heuristics for zero-day threats
Sanitize files containing unknown threats from documents
Check for file type accuracy and consistency
Allow or block specific file types
Archived files extraction
Check for file vulnerabilities
Detect sensitive data
15. The scanning module can be installed on the same system as Kiosk or on another machine.
Any errors encountered with the scanning module will cause Kiosk to retry processing the file
with the scanning module
16. Kiosk module must be fully compatible and integrate with File Exchange Module
17. Ability to set different file handling scenarios and actions to take on blocked and allowed
files, including copying to secondary USB, File Exchange Module or local directory
18. Software must provide Backing Up and Restoring the Configuration capabilities such as:
Downloading a configuration backup
Restoring configuration settings
Optional Steps to Preserve Data
19. There must be at least three options for handling a sanitized file with the original media:
Do not copy the sanitized version to the original media (the sanitized file will not be cop-
ied to the original media and the original file will be left untouched),
Attempt to replace the original file with the sanitized version (the sanitized file will be
copied to the original media and the original file will be deleted),
Copy the sanitized version to the media and keep the original version (the sanitized file
will be copied to the original media and the original file will be left untouched).
20. Ability to add blocked file to quarantine
21. Ability to format the original non-encrypted media
22. Ability to wipe and copy to original media for allowed files after the original media has been
formatted
23. Copying files to a designated location specified by one of naming conventions selected:
Directory named with the unique session ID (copying files to a directory identified by
the session ID),
Directory named with the session start time (copying files to a directory),
24. Ability to copy files to a remote server (network share) by providing the UNC path
25. Ability to copy files to external media. Supported external media should include: USB, blank
and non-finalized CD/DVD and Floppy
26. Support for “Custom Command Line Script”. Post-processing scripts should run after the file
processing in order to meet specific needs that cannot be achieved via the built in features
27. Ability to configure session log location and format
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 5 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
28. Ability to configure Email Session Report that allows:
automatic emails that are sent to a designated recipient after each session is completed,
"Email Current User" (ability to send the session report to the AD user currently logged
in to the Kiosk session),
"Send Email Only When Blocked Files Found" (ability to send an email only for a session
where a blocked file was found),
"Use Log Settings for Report" (ability to send the session log as an attachment),
29. Support for retrieving files from File Exchange Module via Active Directory integration
II. File Exchange Module (software) requirements – 1 license:
1. Module must be delivered as a licensing software model and will be installed on a delivered
physical server connected to disc array
2. Must be fully compatible and integrated with Scanning Module
3. The supplied software will be in its current version. Subscription for the software license and
the manufacturer's support must be for 12 months
4. The license must include at least 250 managed users and unlimited guest users
5. Ability to install on operating systems in 64-bit versions:
Windows 10.
Windows Server 2016.
6. Web-based solution. Must be accessible from a web browser and have support for:
Internet Explorer 11.
Firefox ESR 68.6.1.
7. Must support access to the web interface via HTTP and HTTPS protocols and must allow the
use of TLS to ensure confidentiality (privacy) and data integrity during communication be-
tween software and web browsers
8. The software must work on VMware ESXi 6.0 patch 20192001, 6.5 patch 20192001 or 6.7
patch 20192001 virtualization platforms
9. In order to specify custom secure file access criteria, must integrate with scanning module to
use its capabilities:
Scan for malware with multiple antimalware engines.
Sanitize files containing unknown threats from documents.
Check for file type accuracy and consistency.
Allow or block specific file types.
Check for file vulnerabilities.
Detect archive bombs.
Detect sensitive data.
High availability with multiple Core servers.
10. It must be possible to share a file or a folder with one or multiple users or share a file with a
group from Active Directory.
11. Must provide following features:
Adding or editing file tags.
Supervisor approval process.
Advanced authentication and increased security.
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 6 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
File life-cycle management.
Support for multiple types of storages (local, network, Amazon S3) and for different pur-
poses (temporary, sanitized, permanent).
Administrative overview of the files that are exchanged through the system.
Active Directory integration with one or more domains.
Role-based access (Administrator, Registered User, Guest).
Audit trail for each file, including who uploaded and downloaded the file and when.
Email notifications for files Easy setup (built-in web server and database).
12. Module must provide standalone portal with a rich user interface for administrators and
regular users and allow configuration of the following features:
Limit files size (maximum size limit).
Expiration date (each file storage expiration date).
Log auditing.
Export the log audit data in a CSV (comma separated values) file for any 3 party applica-
tion or saved in another internal database.
Retention and Syslog integration.
Supervisor Approval. This feature enables supervisors to implement access policy for
files uploaded using system.
Pending Approval Page. This page allows supervisors to manage files uploaded by the
supervised users.
Revoke approval: deny access to download the file Retry processing (only visible in case
of failures).
Approve or revoke multiple files at once. Supervisors can also approve or revoke multi-
ple files at the same time, and not individually.
Approval History. You can use this page to check files that have been previously ap-
proved or denied approval.
Enable periodic automatic re-scan (automatically scanning for a specified period of
time to ensure Outbreak Prevention).
Enable file locking.
Multiple types of users, minimum: Local Users, Active Directory Users and Guest Users.
III. Scanning Module (software) requirements – 1 license:
1. Module must be delivered as a licensing software in the "per-server" model and will be in-
stalled on a delivered physical server
2. Must be fully compatible with Kiosk and File Exchange Modules
3. The supplied software will be in its current version. Subscription for the software license and
the manufacturer's support must be for 12 months
4. Ability to install on operating systems in 64-bit versions:
Windows 10.
Windows Server 2016.
5. Must be accessible from a web browser and have support for:
Internet Explorer 11.
Firefox ESR 68.6.1.
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 7 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
6. Must support access to the web interface via HTTP and HTTPS protocols and must allow the
use of TLS to ensure confidentiality (privacy) and data integrity during communication be-
tween software and web browsers
7. The software must work on VMware ESXi 6.0 patch 20192001, 6.5 patch 20192001 or 6.7
patch 20192001 virtualization platforms
8. Must allow downloading current virus definitions online and offline
9. Must allow the updating mechanism by at least three different methods:
Internet: automatic update downloaded from the Internet.
Folder: search for updates in the specified folder.
Manually.
10. Must regularly check for available updates for installed anti-virus engines. Both the database
and engine update is based on the mechanism checking the authenticity of the origin of the
update package. If authentication is confirmed, the update package will be downloaded. As
an additional stability measure, each downloaded update package is tested locally to make
sure it works correctly. Only after successful testing, the update package will be introduced
into the system
11. Ability to set a schedule for downloading updates, including the option of disabling automat-
ic updates
12. The update history shows information about each event related to the update package
13. Module performs "on demand" file scanning
14. Scan files in at least two ways:
1. Scan files via the web interface of the application.
2. Scan files using REST API interface.
15. Ability to scan the entire disk, selected directories or individual files "on demand"
16. Must support integrations at least via REST API v2 (JSON based) so that any programming
language can use it for integration purposes
17. Possibility to run PowerShell scripts after completing the file scan task (handling "Post Ac-
tion" actions)
18. Within the module, you can define "Post Action", which is a command line executable file or
script that will be called after every scan. By means of the system, it will be possible to de-
termine what actions after scanning the file should take place depending on the parameters:
scan result or file type. 'Post actions' must at least include actions:
Copying the file.
Sending a "clean" file to a dedicated secure FTP platform.
Converting the file to the standard format.
Quarantine and sending alerts about infected files.
19. Ability to present scan results on the system interface and in JSON format as well as inte-
grated syslog system
20. The program allows simultaneous scanning of min. 20 files at a time by all anti-virus engines
at once
21. The ability to set timeout at the engine level or the multi scanning process
22. Ability to set a threshold value for possible false positives
23. Must support reporting of problems with the scanning engine for early detection of any
problems related to the quality of antivirus engines via syslog integration.
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 8 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
24. Must have the functionality of checking and detecting the original file type and eliminating
"spoofed files" with potential harmful content and limiting the allowed file types. Infor-
mation about the incompatibility of the file type
25. The program must detect the use of compression mechanisms used by malicious software
26. Must support archive, compressed and zipped file types, at least: Zip, 7z, Jar, rar, rar5, tar,
ISO, Gzip, CAB, ARJ, LZH, RPM, DEB, LZMA, WIM, SFX, XZ, VDI, VHD, MBR, CPIO, HFS, .apk .gz
.msi .tgz .tbz, bz2
27. The ability to enable or disable handling of zipped files and defining security parameters
against so-called "archive bombs":
Maximum recursion level specifying the number of extracted archive layers.
Maximum number of extracted files.
General maximum size of extracted files.
28. Ability to disable scanning of the archive itself and setting the time limit for the entire pro-
cess.
29. Ability to define the list of file extensions to be scanned (including files with no extensions).
30. Possibility of including selected files, directories or files with specified extensions on the list
of exclusions from scanning.
31. Blacklist / White list. The ability to create a list of files to be blocked or allowed based on at
least:
A group of file types.
MIME type.
File name.
And a combination of these parameters.
32. The program must be able to report information events and should be equipped with an
event log that records information on detected threats, on-demand and scheduled scans,
updates of virus databases and the software itself
33. Must provide the possibility of scheduling reports and sending these reports by means of
electronic mail in HTML and Excel format through API
34. Must allow export of scan history in CSV or STIX format and apply scan history filters so that
the user can export the CSV file after selecting the desired time range
35. Module must provide a central console (Dashboard) with a summary view. The console view
should provide at least information such as:
Number of threats perceived.
Number of sanitized files.
Number of detected vulnerabilities in files.
Total number of files scanned.
Number of connected scanning nodes.
Average load of scanning nodes.
Number of active antivirus engines in relation to the total number of AV engines.
Number of known CVEs and abbreviations of "hash" files in the database of known vul-
nerabilities and vulnerabilities.
Number of scanned objects in the last 30 days.
Statistics on the number of processed files over time (line chart).
36. Must show detailed information about "scanning nodes" and engines, including anti-virus
engines, archive engines, such us:
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 9 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Engines (engine name, engine type, update status).
Scan nodes (node address, actual load, number of node's processor cores, node status).
"Post Action" and external scanners.
Certificates.
37. Must enable the configuration of security zones. Each zone should contain a name, descrip-
tion and many network masks. Both IPv4 and IPv6 network zones will be supported. The fol-
lowing activities must be available:
New zones can be added.
Existing zones can be viewed.
Existing zones can be modified.
Existing zones can be deleted.
38. Must have the option "Quarantine of blocked files". All blocked files are automatically cop-
ied to quarantine
39. The administration console must enable viewing information about quarantined objects and
taking appropriate actions (eg restoring, scanning, uploading the sample to Cloud Service for
dynamic analysis)
40. Must show all scanned files copied to quarantine with the "pin" function to avoid deletion
when cleaning quarantine
41. Searching the quarantine log using criteria: comment, file name and source of the scan re-
quest
42. Must provide a scan history containing information on all scans made by the system
43. The ability to display detailed information about scanned archive files as well as a list of re-
sults of scanning of files within the archive
44. A scan history on which you can search using: MD5, SHA1, SHA256 hashes, and file names
and search results for a specific scan result
45. The software must provide the functionality of adding "hashes" to the white list
46. The software must use the mechanisms for importing or exporting the system configuration
as a JSON file containing the current configuration. The JSON file must contain the entire
configuration of zones and security rules
47. The software must have built-in configuration backup mechanisms to simply restore the sys-
tem after complete re-installation
48. Must enable users, groups and user roles to be managed from the system console via the In-
ternet
49. Must show a list of existing users and user groups in the Active Directory
50. Support for Role Based Access Control (RBAC). Ability to assign roles to users and Active Di-
rectory groups to use the system management console
51. Possibility to block access to program settings for users
52. Cleaning the scan database. Saved scan results, quarantined files, audit log records, and
cleaned files older than the set value will be permanently deleted from the server
53. Should offer logging configuration options along with the log debugging function
54. Automated Database cleanup mechanism for historical configuration builds
55. Module must enable configuration of security policies containing rules along with file scan-
ning profiles. As part of the rules, the following actions should be available:
Adding new rules.
Viewing existing rules.
Modifying existing rules.
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 10 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Deleting existing rules.
56. Security policies define which rules are available and in which zone with the possibility of
adding multiple rules to the same security zone
57. The ability to set scan profiles for various sources, at least based on the source IP address of
a given client
58. The system must contain predefined rule templates that can be cloned
59. Module must have the functionality of multi-scanning files using more than one antivirus en-
gine. As part of the proceedings, a license should be provided that allows simultaneous file
scanning with the help of min. 20 antivirus engines (virus definitions must come from data-
bases of at least 20 different antivirus vendors)
60. Must provide protection mechanism against exploits in popular applications, eg. PDF read-
ers, JAVA applications
61. Full protection against viruses, Trojans, worms, other file-based threats like scripts, Java ap-
plets and ActiveX
62. Detecting and blocking dangerous spyware applications like adware, spyware, dialer, phish-
ing, hacking tools, backdoor, etc. Built-in technology for protection against rootkits
63. The program should support optional manual process that involves mechanism of new
threats detection using online reputation services managed by the solution's manufacturer.
Files from Quarantine can be uploaded to such service in the cloud for more information. If a
suspicious code / file is detected and there is no definition in the local antivirus signature
file, the AV scanner must be able to send a query to the central database maintained by the
manufacturer
64. Must use heuristic analysis (based on the analysis of a potential virus code) supported by at
least one of the antivirus engines available under the license
65. Must provide YARA rules capabilities
66. Module must have a function of sanitizing (cleaning) of files, technology also known as “Con-
tent Disarm and Reconstruction” that effectively prevents the execution of malicious codes
(including zero threats) contained in scanned files
67. The sanitizing function should be performed using at least two methods:
Deleting hidden, used objects (eg scripts, macros, OLE objects, etc.).
Converting the file format to another or the same file type.
68. The program must allow sanitizing and removal of active content and conversion for at least
80 file formats, including files with the extension min.: . doc, dot, xls, xlt, ppt, pot, rtf, docx,
docm, dotx, dotm, xlsx, xlsm, xlsb, xltx, xltm, csv, pptx, potx, pptm, potm, pps, ppsm, ppsx,
vsdx, vssx, vstx, vsdm, vssm, vstm, vsx, vtx, vdx, odt, ott, htm/html, mht, pdf, hwp, jtd, jtdc,
xml, xml-doc, xml-docx, xml-xls, vcs, ics, jpg, bmp, png, tiff, svg, gif, wmf, emf, dwg, dxf, dwf,
3ds, dae, u3d, drc, rvm, wmv, mpeg, wav, mp3, mp4, avi, eml, msg, pst, txt, 7z, gz, rar, xz,
zip, tar, bz2, lzma, lzh, arj, cab
69. The ability to set both the type of sanitization and the target file type
70. Possibility of flexible configuration of the sanitizing function and determining which objects
are to be removed from the files, e.g. removing macros while maintaining hyperlinks
71. The ability to set the maximum time allowed to remove data from the file and for how long
the system stores the sanitized files
72. The program must enable sanitization and deletion of files from archives of the following
formats: RAR, ARJ, ZIP, CAB, LHA, JAR and ICE
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 11 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
73. The software must have capability of File-Based Vulnerability Assessment to detect applica-
tion and file based known vulnerabilities
74. Can detect vulnerabilities in installers, binary files and Internet of Things (IoT) firmware
75. Must support a database of CVEs, Hashes, Application Installers belonging to at least 15
thousand of the most popular applications
76. Must be able to check for known vulnerabilities at rest, without having to power them on
77. The software must detect and block sensitive data in files, such as:
Social Security Number (SSN)
Credit Card Number (CCN)
Any specific data pattern using the regular expression
78. Must support a wide range of file types, including:
Ansi Text (*.txt)
ASCII Text
CSV (Comma-separated values) (*.csv)
Microsoft Excel for Mac 2.2, 3, 4, 5, 98, 2001, X, 2004, 2008, 2011
Microsoft Excel for Windows 2, 3, 4, 5
Microsoft Excel 95, 97, 2000, XP, 2003, 2007, 2010, 2013, 2016 (*.xls)
Microsoft Excel Office Open XML 2007, 2010, 2013, and 2016 (*.xlsx)
Microsoft PowerPoint 3, 4, 95, 97, 98, 2000, 2001, 2002, 2003, 2004, 2007, 2008, 2010,
2011, 2013, 2016 (*.ppt)
Microsoft PowerPoint Office Open XML 2007, 2010, 2013, and 2016 (*.pptx)
Microsoft Rich Text Format (*.rtf)
Microsoft Word for DOS 1, 2, 3, 4, 5, 6 (*.doc)
Microsoft Word for Mac 1, 3, 4, 5, 6, 98, 2001, X, 2004, 2008, 2011
Microsoft Word for Windows 1, 2, 6 (*.doc)
Microsoft Word 95, 97, 98, 2000, 2002, 2003, 2007, 2010, 2013, 2016 (*.doc)
Microsoft Word 2003 XML (*.xml)
Microsoft Word Office Open XML 2007, 2010, 2013, 2016 (*.docx)
OpenOffice/LibreOffice versions 1, 2, 3, 4, and 5 documents, spreadsheets, and presenta-
tions (*.sxc, *.sxd, *.sxi, *.sxw, *.sxg, *.stc, *.sti, *.stw, *.stm, *.odt, *.ott, *.odg, *.otg,
*.odp, *.otp, *.ods, *.ots, *.odf) (includes OASIS Open Document Format for Office Ap-
plications)
PDF files (*.pdf).
PDF Portfolio files (*.pdf), including embedded non-PDF documents.
Unicode (UCS16, Mac or Windows byte order, or UTF-8)
XML (*.xml)
79. Must automatically obscure potentially sensitive information from documents. Any sensitive
information will be proactively redacted before it gets to your end users to prevent access to
this information by an unauthorized person. Redaction helps hide private information. This
information will be covered while the structure of the document remains
80. Redaction must support file types:
Portable Document Format (PDF).
81. Automatically removes Metadata associated to images which may possess sensitive infor-
mation such as GPS location or an image's author
82. Can remove metadata contained within Images: JPG, PNG
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 12 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
83. Automatically watermark images to stop a user from making copies or taking a picture of it
without revealing who loaded the image
84. Supported File Types for watermarking:
JPEG
TIFF
PNG
GIF
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 13 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
IV. Workstation (hardware) parameter requirements – 2 pcs.
V. Monitor (hardware) parameter requirements – 2 pcs.
Lp Part Name Description
1 Panel Type IPS with LED backlight
2 Touchscreen Specification
Touch Panel Type - up to 10 Point Advanced In-Cell Touch, Self-Capacitive
3 Viewable Image Area Min. 21” widescreen
4 Aspect Ratio 16:9
5 Viewing Angle Up to 178° horizontal/178° vertical
6 Brightness Min. 250 cd/m2
7 Contrast Ratio Min. 1000:1
8 Pixels Per Inch Min. 96 PPI
9 Native Resolution 1920x1080 @ 60Hz
10 Maximum Pixel Clock Speed
170 MHz
11 Input Signal 1 x VGA 1 x HDMI 1.4 1 x Display Port 1.2
12 USB Min. 2 x USB 3.0 ports
13 Input Power (Nominal Voltage)
AC 100 - 240 V (50/60 Hz)
14 User Controls Min. Brightness, Contrast, Color Control, Input Control, Im-age Control, Power control, Menu Control, Management, Language, Information, Factory Reset
Lp Part Name Description
1 Computer Form Fac-tor
Tower
2 Processor Min. Intel Core i5 9500 3.0Ghz 6C CPU
3 RAM Memory Min. 32GB DDR4 2666 UDIMM
4 Hard Disc Min. 256GB SSD HDD
5 Graphics Intel UHD Graphics 630 Core
6 LAN Min. 10GbE Dual Port NIC (fiber optic)
7 USB Min. 2 x USB 3.0 ports and 1 x USB-C 3.1 port on front pan-el, Min. 2 x USB 2.0 ports and 4 x USB 3.0 ports on rear panel,
8 Card Reader SD Card Reader on front panel
9 CD/DVD 9.5mm DVD-Writer
10 Operating System MS Windows 10 Pro 64
11 Keyboard Slim Wired Keyboard
12 Mouse Optical Wired Mouse USB
13 Power Supply Min. 1 x 500W
14 Warranty At least 3-year Next business day onsite hardware service with DMR option
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
HEADQUARTERS MULTINATIONAL CORPS NORTHEAST
Ul. Łukasinskiego 33, 71-215 SZCZECIN, POLAND
Page 14 of 14
NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
15 Warranty At least 3-year warranty
VI. Server (hardware) parameter requirements – 1 pcs.
Lp Part Name Description
1 Server Form Factor Rack (1U)
2 Processor Min. 2 x Intel Xeon-G 5218 16-Core (2,3Ghz 22Mb L3 cache) Processor Kit
3 RAM Memory Min. 64GB 2933Mhz RDIMM
4 Hard Disc 6 x 480GB SATA MU SFF SC MV SSD
5 Graphics Integrated Matrox G200eH2
6 LAN Min. 2 x 10Gb dual port NIC, 1 x Ethernet 1Gb 4-port 366FLR adapter
7 USB Min. 1 USB 3.0 port on front panel, Min. 2 USB 3.0 ports on rear panel, Min. 2 USB 3.0 ports inside
8 Controllers Min. 1 x Smart Array SATA 6Gb/s / SAS 12Gb/s
9 RAID RAID 0, RAID 1, RAID 5, RAID 6, RAID 10, RAID 50, RAID 60, RAID 1 ADM, RAID 10 ADM
10 Card Reader microSD Card Reader
11 Operating System MS Windows Server 2019 Standard Edition
12 Remote Management Controller
Integrated Lights-Out 5
13 Remote Management Protocol
Min. SNMP 3, IPMI 2.0, SMASH CLP
14 Input Power (Nominal Voltage)
AC 120 - 230 V (50/60 Hz)
15 Power Supply 2 x 800W Hot Plug Power Supply Kit,
16 Warranty At least 3-year Next business day onsite hardware service with DMR option
VII. Disc Array (hardware) parameter requirements – 1 pcs.
Lp Part Name Description
1 Array Type Array SAS Dual Controller Large Form Factor Storage
2 Height 2U
3 Hard Disc 12 x 6TB 12G SAS 7.2K 3.5” MDL HDD
4 Storage Interface Type
SAS 12Gb/s
5 RAID RAID 0, RAID 1, RAID 3, RAID 5, RAID 6, RAID 10, RAID 50
Warranty At least 3-year Next business day onsite hardware service with DMR option