Draft NEA, e-GIF and MSDP Report - National Enterprise Architecture
Draft NEA, e-GIF and MSDP Report
Standards Checklist
LICT-36-SBCC-CF-SIO: Establishing Enterprise Architecture and Interoperability Framework
Bangladesh Computer Council
January 2016

Establishing National Enterprise Architecture and Interoperability Framework, January 2016

Document control

| Item | Detail |
|---|---|
| Project name | Establishing Enterprise Architecture and Interoperability Framework |
| Client representatives | Mr. Tarique Barkatullah |
| Contract package | S10 |
| Credit | 5025#BD |
| Report No | 2015-Delhi-0288 |
| Start date | 30 November 2014 |
| End date | 30 January 2016 |

Key project team members

| Organisation | Designation | Name | Function |
|---|---|---|---|
| EY | Team Leader | Mr. Ashish Verma | Team leader |
| EY | Engagement Manager | Mr. Ramesh Mishra | Engagement Management |
| EY | Engagement Partner | Mr. Rahul Rishi | Engagement Leadership |
| BCC | Director (In-charge) | Mr. Tarique Barkatullah | Project Coordinator |
| BCC | Project Director, LICT | Mr. Md. Rezaul Karim | Project Management |

Approval

| Organisation | Designation | Name | Approval Date | Approval |
|---|---|---|---|---|
| EY | Team Leader | Mr. Ashish Verma | | |
| EY | Engagement Manager | Mr. Ramesh Mishra | | |
| EY | Engagement Partner | Mr. Rahul Rishi | | |
| BCC | Director (In-charge) | Mr. Tarique M Barkatullah | | |
| BCC | Project Director, LICT | Mr. Md. Rezaul Karim | | |

Disclaimer

This report is intended solely for the information and use of the management of Bangladesh Computer Council and is not intended to be and should not be used by anyone other than these specified parties. EY therefore assumes no responsibility to any user of the report other than Bangladesh Computer Council. Any other persons who choose to rely on our report do so entirely at their own risk.
As it is practically not possible to study all aspects of a process thoroughly during the limited time period of an assessment, we followed our methodology for conducting assessments: we reviewed the process and held discussions with the process owners and other key people in the process during the planning stage of the assessment, which helped us identify specific areas where architectural and process gaps may exist, as well as opportunities for process and technology improvement. Our subsequent test work, detailed study of issues and development of action plans are directed towards the issues identified. Consequently, this report may not necessarily comment on all the function or process related matters perceived as important by the management.

The issues identified and the action plans proposed in this report are based on our discussions with the people engaged in the process, review of relevant documents and records, and our physical observation of the activities in the process. We made specific efforts to verify the accuracy and authenticity of the information gathered only in those cases where it was felt necessary. The work carried out and the analysis thereof are based on interviews with the personnel and the records provided by them. The identification of issues in the report is mainly based on the review of records, sample verification of documents and transactions, and physical observation of events. As the basis of sample selection is purely judgmental in view of the time available, the outcome of the analysis may not be exhaustive or representative of all possibilities, though we have taken reasonable care to cover the major eventualities.

Errors and Omissions: When reading this document, if you identify any errors or omissions please advise the author in writing within 15 calendar days, giving a brief description of the problem, its location within the document and your contact details.
Confidentiality: This document contains privileged and confidential information pertaining to Establishing Enterprise Architecture and Interoperability Framework. The access level for the document is specified above. The addressee should honour these access rights by preventing intentional or accidental access outside the access scope.

Table of Contents

1. Business Architecture Standards ... 6
1.1 Business Process Modelling Notation (BPMN)
1.2 Business Process Execution Language (BPEL)
1.3 Unified Modeling Language (UML)
2. Data Architecture Standards ... 7
2.1 General Data Standards ... 7
2.2 Technical Data Standards ... 10
2.3 Industry Data Exchange Standards ... 12
3. Application Architecture Standards ... 14
3.1 Software Development Lifecycle ... 14
3.2 Application Architecture Reference Model Layers ... 16
4. Technology Architecture Standards ... 27
4.1 Service Management ... 27
4.2 Platforms ... 28
4.3 Networks ... 31
4.4 Data Center ... 35
4.5 Cloud ... 37
5. Security Standards ... 40
5.1 International Organization for Standardization Standards
5.2 NIST Guidelines and Standards
5.3 Payment Card Industry Data Security Standard
5.4 Control Objectives for Information and Related Technology (COBIT)
5.5 Sarbanes-Oxley Act of 2002 (SOX)
5.6 Information Technology Infrastructure Library
6. Mobile Service Delivery Platform Standards ... 41
6.1 Application Development Technologies for Mobile Devices ... 41
6.2 Mobile Application Development Standards ... 47
7. e-GIF Standards ... 54
7.1 Presentation ... 54
7.2 Business Process Interoperability ... 54
7.3 Data Exchange Interoperability ... 54
7.4 Services ... 55
7.5 Security ... 56
7.6 Technology ... 57

Abbreviations

| Abbreviation | Description |
|---|---|
| a2i | Access to Information |
| ADM | Architecture Development Method |
| ARM | Application Reference Model |
| BCC | Bangladesh Computer Council |
| BRM | Business Reference Model |
| BPEL | Business Process Execution Language |
| BPMN | Business Process Modelling Notation |
| CR | Change Request |
| DC | Data Centre |
| DR | Disaster Recovery |
| DRM | Data Reference Model |
| e-GIF | Electronic Government Interoperability Framework |
| EA | Enterprise Architecture |
| EY | Ernst & Young LLP |
| FOSS | Free and Open Source Software |
| GoB | Government of Bangladesh |
| ICT | Information and Communication Technology |
| ICTD | Information and Communication Technology Division |
| ISO | International Organization for Standardization |
| KPI | Key Performance Indicators |
| LICT | Leveraging Information and Communications Technologies |
| MoP&ME | Ministry of Primary & Mass Education |
| MPT&IT | Ministry of Post, Telecommunications & Information Technology |
| MSDP | Mobile Service Delivery Platform |
| NEA | National Enterprise Architecture |
| NeSS | National e-Services System |
| NID | National Identity |
| NP | National Portal |
| PMO | Project Management Office |
| PoC | Proof of Concept |
| SID | Statistics and Informatics Division |
| SLA | Service Level Agreements |
| TA | Technical Architecture |
| TOGAF® | The Open Group Architecture Framework |
| TRM | Technical Reference Model |
| UML | Unified Modelling Language |

1. Business Architecture Standards

| Standard ID | Component | Standard Description | Classification |
|---|---|---|---|
| BUS.PRC.001 | Business Process Modelling Notation (BPMN) | BPMN defines a Business Process Diagram (BPD), which is based on a flowcharting technique tailored for creating graphical models of business process operations. Modelling in BPMN uses a set of diagrams with a small set of graphical elements to assist business users, as well as developers, to understand the flow and the process. | Mandatory |
| BUS.PRC.002 | Business Process Execution Language (BPEL) | This is an XML-based language which is used to define enterprise business processes with web services. The key objective of BPEL is to standardize the format of business process flow definitions so that departments can work together seamlessly using web services. Therefore, BPEL focuses specifically on web service interfaces. There is no standard graphical notation for BPEL; instead, BPMN is used as a front-end tool to capture BPEL process descriptions. | Recommended |
| BUS.PRC.003 | Unified Modeling Language (UML) | A tool which helps in visualizing architectural blueprints such as activities, individual components of a system, interaction of entities, user interface etc. | Recommended |

2. Data Architecture Standards

2.1 General data standards

2.1.1 Data management

| Standard ID | Technology Component | Standard Description | Classification |
|---|---|---|---|
| DAT.DM.001 | Data Access Services | Use a DBMS that supports the latest version of JDBC for Java-based applications. | Recommended |
| DAT.DM.002 | Data Access Services | Use a DBMS that supports ODBC for non-Java based applications. As ODBC drivers are implemented by various vendors, it is advisable to identify a DBMS that supports the latest stable version of ODBC. | Recommended |
| DAT.DM.003 | Data Query Language | Support for the SQL:2003 standard defined in ISO/IEC 9075. SQL:2003 is the fifth revision of SQL used by relational databases. Reference site: www.iso.org | Mandatory |
| DAT.DM.004 | Data Query Language | Support for the SQL:2008 standard defined in ISO/IEC 9075. SQL:2008 is the latest (2008) revision of SQL used by relational databases. Reference site: www.iso.org | Recommended |
| DAT.DM.005 | Data Indexing | There is no technical standard for compliance. Please refer to Best Practices for more information. | Recommended |
| DAT.DM.006 | Database Tuning | There is no technical standard for compliance. Please refer to Best Practices for more information. | Recommended |
| DAT.DM.007 | Data Clustering | There is no technical standard for compliance. Please refer to Best Practices for more information. | Recommended |
| DAT.DM.008 | Data Integrity | There is no technical standard for compliance. Please refer to Best Practices for more information. | Recommended |

2.1.2 Data design

| Standard ID | Technology Component | Standard Description | Classification |
|---|---|---|---|
| DAT.DD.001 | Data Modelling | Use one of the following notations for data modelling: (a) Unified Modelling Language (UML) (b) Barker's Notation (c) Information Engineering. | Recommended |
| DAT.DD.002 | Internationalisation | Use the Unicode standard to support the worldwide | Recommended |

2.1.3 Extract, Transform, Load (ETL)

| Standard ID | Technology Component | Standard Description | Classification |
|---|---|---|---|
| DAT.ETL.001 | ETL | ETL tools should be used in scenarios where large amounts of data need to be moved, transformed, enriched, and/or merged from multiple data sources to a target source. An example of this is the loading of data from source systems into a data warehouse. | Recommended |
| DAT.ETL.002 | ETL | ETL processes should be scheduled so that they do not impact the operations and end users of the source systems they are extracting from. | Recommended |
| DAT.ETL.003 | ETL | The ETL process should move the data from the source to the ETL environment quickly and should access the source only once. The target architecture should ensure re-use of a single data copy from production sources to minimize resource utilization on the source system. | Recommended |
| DAT.ETL.004 | ETL | The artefacts of ETL processes (e.g., scripts, SQL code, data mappings, etc.) should be kept in a repository and managed so that the lineage of the data produced from those processes is traceable. | Recommended |
| DAT.ETL.005 | ETL | ETL processes should use a centralized metadata repository to ensure data quality and integrity. | Recommended |
| DAT.ETL.006 | ETL | ETL processes should provide a facility to perform standard centralized data quality checks, with required and optional checks which may be decided by the target system. | Recommended |
| DAT.ETL.007 | ETL | ETL processes should provide a storage mechanism for clean data, thus eliminating the need for new processes to re-source data, recheck values or re-compute derived values. | Recommended |

2.1.4 Metadata Management

| Standard ID | Technology Component | Standard Description | Classification |
|---|---|---|---|
| DAT.MM.001 | Metadata Management | Element: Element description | Mandatory |
| DAT.MM.002 | Metadata Management | Creator: Person or organisation primarily responsible for creating the intellectual content of the resource, e.g., authors in the case of written documents, and artists, photographers, etc. in the case of visual resources. | Mandatory |
| DAT.MM.003 | Metadata Management | Publisher: The entity (e.g., agency, including unit/branch/section) responsible for making the resource available in its present form, such as a publishing house, a university department, or a corporate entity. | Mandatory |
| DAT.MM.005 | Metadata Management | Rights Management: A rights management statement or an identifier that links to a rights management statement. | Mandatory |
| DAT.MM.006 | Metadata Management | Title: The name given to the resource, usually by the creator or publisher. | Mandatory |
| DAT.MM.007 | Metadata Management | Subject: The topic of the resource. Typically, this will be expressed as keywords or phrases that describe the subject or content of the resource. Controlled vocabularies and formal classification schemes are encouraged. | Mandatory |
| DAT.MM.008 | Metadata Management | Date: A date associated with the creation or availability of the resource. | Mandatory |
| DAT.MM.009 | Metadata Management | Identifier: A string or number used to uniquely identify the resource. Examples for networked resources include URLs, PURLs, and URNs. ISBN or other formal names can be used. | Mandatory |
| DAT.MM.010 | Metadata Management | Description: A textual description of the content of the resource, including abstracts in the case of document-like objects or content descriptions in the case of visual resources. | Mandatory |
| DAT.MM.011 | Metadata Management | Source: The work, either print or electronic, from which this object is derived (if applicable). Source is not applicable if the present resource is in its original form. | Mandatory |
| DAT.MM.012 | Metadata Management | Language: The language of the intellectual content of the resource. | Mandatory |
| DAT.MM.013 | Metadata Management | Relation: Relationship to other resources, e.g., images in a document, chapters in a book, or items in a collection. | Mandatory |
| DAT.MM.014 | Metadata Management | Coverage: Spatial locations and temporal duration characteristic of the resource. | Mandatory |
| DAT.MM.015 | Metadata Management | Type: The category of the resource, such as home page, novel, poem, working paper, technical report, essay, or dictionary. | Mandatory |
| DAT.MM.016 | Metadata Management | Format: The data format of the resource, used to identify the software and possibly hardware that might be needed to display or operate the resource, e.g., PostScript, HTML, TXT, JPEG, or XML. | Mandatory |

Source for the element definitions above: Dublin Core Element Set, Version 1.0.
2.2 Technical data standards

2.2.1 Data Security

| Standard ID | Technology Component | Standard Description | Classification |
|---|---|---|---|
| DAT.DS.001 | Encryption | Use cryptographic techniques for encryption of sensitive data. The reference standards for cryptography include Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES). | Recommended |
| DAT.DS.002 | Network | Databases should not be accessible directly from an external network (non-government network). | Mandatory |
| DAT.DS.003 | Database | Use an RDBMS with security controls that address aggregation (the value of disclosed data) and inference (confidentiality). | Mandatory |
| DAT.DS.004 | Database | Use an RDBMS that supports the following security controls: (a) Data access as an intended privilege (b) Key management and encryption (c) Integrity constraints such as domain constraints, attribute constraints, relation constraints, and database constraints (d) High availability implementation, backup, restoration and data replication (e) Database logging and policy enforcement | Mandatory |
| DAT.DS.005 | Data Destruction | Data destruction shall be done using degaussing (NIST 800-88 guidelines for Media Sanitisation), data overwriting (Bruce Schneier algorithm, DoD 5220.22-M, Peter Gutmann Secure Deletion) and physical | Recommended |

2.2.2 Data Storage, Backup and Archival

| Standard ID | Technology Component | Standard Description | Classification |
|---|---|---|---|
| DAT.DBA.001 | Data Storage, Backup and Archival | Data archiving shall support integrity checking through hashing, audit logging and regulatory compliance. | Mandatory |
| DAT.DBA.002 | Data Storage, Backup and Archival | Strict security policies should be established for archived data to prevent unauthorised access and data loss. | Mandatory |
| DAT.DBA.003 | Data Storage, Backup and Archival | Use ISO 15489-1 for records management. | Recommended |
| DAT.DBA.004 | Data Storage, Backup and Archival | Use the Dublin Core metadata element set for resource description based on ISO 15836. | Recommended |
| DAT.DBA.005 | Data Storage, Backup and Archival | Use Portable Document Format for document management based on ISO 32000-1. | Recommended |
| DAT.DBA.006 | Data Storage, Backup and Archival | Use ISO/TR 18492 for long-term preservation of electronic document-based information. | Recommended |
| DAT.DBA.007 | Data Storage, Backup and Archival | Use the Open Archival Information System (OAIS) to establish a system for archiving information, both digitalized and physical. This framework is based on ISO 14721. | Recommended |

2.2.3 Metadata, Spatial Data Management, Enterprise Schema and BI

| Standard ID | Technology Component | Standard Description | Classification |
|---|---|---|---|
| DAT.MSEB.001 | Metadata, Spatial Data Management, Enterprise Schema and BI | Use XML Schema 1.0 and above to manage an overall Enterprise Schema. | Mandatory |
| DAT.MSEB.002 | Metadata, Spatial Data Management, Enterprise Schema and BI | Use the Meta Object Facility (MOF) to define, manipulate and integrate metadata and data in a platform-independent manner. | Mandatory |
| DAT.MSEB.003 | Metadata, Spatial Data Management, Enterprise Schema and BI | Support the Resource Description Framework (RDF) for describing and interchanging metadata based on resource, property and statement definitions. | Recommended |
| DAT.MSEB.004 | Metadata, Spatial Data Management, Enterprise Schema and BI | Support the Common Warehouse Metamodel (CWM) to enable interchange of warehouse and BI metadata between warehouse tools, warehouse platforms and warehouse metadata repositories in distributed heterogeneous environments. | Recommended |
| DAT.MSEB.005 | Metadata, Spatial Data Management, Enterprise Schema and BI | Support Common Warehouse Metamodel Metadata Interchange Patterns to add semantic context to the interchange of metadata in terms of recognised sets of objects or object patterns. | Recommended |
| DAT.MSEB.006 | Metadata, Spatial Data Management, Enterprise Schema and BI | Use the set of standards produced by ISO/TC 211 that supports the understanding and usage of geographic information. | Recommended |
| DAT.MSEB.007 | Metadata, Spatial Data Management, Enterprise Schema and BI | Support the Open Geospatial Consortium (OpenGIS) Simple Features specification, which provides a way for applications to access spatial data in an RDBMS. There are three standards available: CORBA, SQL and OLE/COM. | Recommended |
| DAT.MSEB.008 | Metadata, Spatial Data Management, Enterprise Schema and BI | Use the OpenGIS Geography Markup Language Encoding Standard (GML 2, GML 3) for transfer and storage of geographic information. | Recommended |
| DAT.MSEB.009 | Metadata, Spatial Data Management, Enterprise Schema and BI | Support the OpenGIS Web Map Service (WMS), Web Feature Service (WFS) and Web Coverage Service (WCS) specifications, which define protocols that provide uniform access by HTML clients to maps rendered by WMS-enabled map servers on the internet. | Recommended |
| DAT.MSEB.010 | Metadata, Spatial Data Management, Enterprise Schema and BI | Support the OpenGIS Catalogue Services Interface Standards (CAT) to publish and search collections of descriptive information (metadata) about geospatial data, services and related resources. | Recommended |
| DAT.MSEB.011 | Metadata, Spatial Data Management, Enterprise Schema and BI | Support the OpenGIS Keyhole Markup Language (KML) service for geographic visualisation, including annotation of maps and images. | Recommended |

2.3 Industry data exchange standards

| Standard ID | Technology Component | Standard Description | Classification |
|---|---|---|---|
| DAT.IDES.001 | Data Exchange | Use Extensible Markup Language (XML 1.0 or XML 1.1) as the preferred data exchange standard. | Recommended |
| DAT.IDES.002 | Data Exchange | Support the following standards for exchange of textual data: (a) Extensible Markup Language (XML 1.0 or XML 1.1) for most applications (b) Comma Separated Values (CSV) for legacy applications | Recommended |
| DAT.IDES.003 | Data Exchange | Support the following standards for exchange of image data: (a) Joint Photographic Experts Group (JPEG) for photographic images (b) Graphics Interchange Format (GIF) for internet images, due to its small size and support for animation (c) Tagged Image File Format (TIFF) for scanned images (d) Portable Network Graphics (PNG) for internet images which require greater colour depth than GIF | Mandatory |
| DAT.IDES.004 | Data Exchange | Support the following standards for exchange of video and audio data: (a) Moving Picture Experts Group (MPEG-1 to MPEG-4) for most audio and video applications (b) 3rd Generation Partnership Project (3GPP and 3GPP2) for audio and video over 3G mobile networks | Recommended |
| DAT.IDES.005 | Data Exchange | Support file transfer through client file transfer and server file transfer (FTP server). | Recommended |
| DAT.IDES.006 | Data Exchange | Web Services Description Language (WSDL) is an XML-based interface definition language that is used for describing the functionality offered by a web service. | N.A. |
| DAT.IDES.007 | Data Exchange | Web Services Security (WS-Security, WSS) is an extension to SOAP (Simple Object Access Protocol) to apply security to web services. | N.A. |
| DAT.IDES.008 | Data Exchange | Use XML Metadata Interchange (XMI) as an XML integration framework for defining, interchanging, manipulating and integrating XML data and objects. | Recommended |
| DAT.IDES.009 | Data Exchange | Use XPath 2.0, an XML path language for selecting nodes from an XML document. | Recommended |
| DAT.IDES.010 | Data Exchange | Use XQuery 1.0 to design query collections for XML data. | Recommended |
| DAT.IDES.011 | Data Exchange | Use XSLT 2.0 for transforming XML documents into other XML documents. | Recommended |
| DAT.IDES.012 | Data Exchange | Message queues and mailboxes are software-engineering components used for inter-process communication (IPC), or for inter-thread communication within the same process. | N.A. |
| DAT.IDES.013 | Data Exchange | A directory service is a software system that stores, organizes, and provides access to information in a computer operating system's directory. | N.A. |

3. Application Architecture Standards

3.1 Software development lifecycle

3.1.1 Selection of Software Development Lifecycle

| Standard ID | Standard | Classification |
|---|---|---|
| ARM_SDLC_001 | Project heads should define the SDLC model as either Waterfall or iterative | Mandatory |
| ARM_SDLC_002 | Select and use one application development methodology for the entire duration of the project | Mandatory |
| ARM_SDLC_003 | To change the selected methodology, a proper change request procedure should be followed | Mandatory |
| ARM_SDLC_004 | Follow the ISO/IEC/IEEE 24765 standard for systems and software engineering | Recommended |
| ARM_SDLC_005 | Follow IEEE standard 12207 for software life cycle processes | Recommended |
| ARM_SDLC_006 | Follow IEEE standard 1517 for reuse processes | Recommended |

3.1.2 Requirement elicitation

| Standard ID | Standard | Classification |
|---|---|---|
| ARM_REQ_001 | The project team must gather business and system requirements | Mandatory |
| ARM_REQ_002 | The project team must establish and document business requirements | Mandatory |
| ARM_REQ_003 | A requirement should be traceable backward to the requirements and the stakeholders that motivated it | Mandatory |
| ARM_REQ_004 | On successful completion, a sign-off must be obtained for the requirements and design document | Mandatory |

3.1.3 Software design

| Standard ID | Standard | Classification |
|---|---|---|
| ARM_SDD_001 | The project team must follow IEEE standard 1069 for information technology system design | Mandatory |
| ARM_SDD_002 | The project team must document the software design as per IEEE 1016 | Mandatory |
| ARM_SDD_003 | Follow ISO/IEC 42010 for architecture description | Recommended |
| ARM_SDD_004 | The project team should use notations for static and dynamic views | Recommended |
| ARM_SDD_005 | On successful completion, a sign-off must be obtained for the requirements and design document | Mandatory |

3.1.4 Coding standards

| Standard ID | Standard | Classification |
|---|---|---|
| ARM_COS_001 | Select the programming language appropriately to meet the documented requirements of the system | Mandatory |
| ARM_COS_002 | Indent code for better readability | Mandatory |
| ARM_COS_003 | Establish a maximum line length for comments and code to avoid horizontal scrolling of the editor window | Mandatory |
| ARM_COS_004 | Use a space after each comma, operator, value and argument | Mandatory |
| ARM_COS_005 | Break large, complex sections of code into smaller comprehensible modules/functions | Recommended |
| ARM_COS_006 | Arrange and separate source code between files | Recommended |
| ARM_COS_007 | Choose a naming convention and stick to it | Recommended |
| ARM_COS_008 | Avoid elusive names that are open to subjective interpretation | Recommended |
| ARM_COS_009 | Do not include class names in the names of class properties | Recommended |
| ARM_COS_010 | Use the verb-noun method for naming routines | Recommended |
| ARM_COS_011 | Append computation qualifiers (Avg, Sum, Min, Max, Index) to the end of a variable name where appropriate | Recommended |
| ARM_COS_012 | Use customary opposite pairs in variable names | Recommended |
| ARM_COS_013 | Use mixed-case formatting to simplify reading | Recommended |
| ARM_COS_014 | Boolean variable names should contain "Is", which implies Yes/No or True/False values | Recommended |
| ARM_COS_015 | Avoid using terms such as Flag when naming status variables, which differ from Boolean variables in that they may have more than two possible values | Recommended |
| ARM_COS_016 | Even for a short-lived variable that may appear in only a few lines of code, still use a meaningful name. Use single-letter variable names, such as i or j, for short-loop indexes only. | Recommended |
| ARM_COS_017 | Develop a list of standard prefixes for the project to help developers name variables consistently | Recommended |
| ARM_COS_018 | For variable names, include notation that indicates the scope of the variable | Recommended |
| ARM_COS_019 | Constants should be all uppercase with underscores between words | Recommended |
| ARM_COS_020 | Wrap built-in functions and third-party library functions with your own wrapper functions | Recommended |
| ARM_COS_021 | Report error messages and recover or fail gracefully | Recommended |
| ARM_COS_022 | Provide useful error messages | Recommended |
| ARM_COS_023 | When modifying code, always keep the commenting around it up to date | Recommended |
| ARM_COS_024 | At the beginning of every routine, it is helpful to provide standard, boilerplate comments indicating the routine's purpose, assumptions, and limitations | Recommended |
| ARM_COS_025 | Avoid adding comments at the end of a line of code | Recommended |
| ARM_COS_026 | To conserve resources, be selective in the choice of data type to ensure the size of a variable is not excessively large | Recommended |
| ARM_COS_027 | Keep the scope of variables as small as possible to avoid confusion and to ensure maintainability | Recommended |
| ARM_COS_028 | When writing classes, avoid the use of public variables. Instead, use procedures to provide a layer of encapsulation and also to allow an opportunity to validate value changes. | Recommended |
| ARM_COS_029 | Do not open data connections using a specific user's credentials. Connections that have been opened using such credentials cannot be pooled and reused, thus losing the benefits of connection pooling. | Recommended |

3.1.5 Testing standards

| Standard ID | Standard | Classification |
|---|---|---|
| ARM_TST_001 | Follow ISO/IEC/IEEE standard 29119 for software testing | Mandatory |
| ARM_TST_002 | Follow ISO/IEC standards 15288 and 12207 for system engineering; these include processes for verification and validation | Recommended |
| ARM_TST_003 | Follow the IEEE 1008 and BS 7925 standards for testing | Recommended |
| ARM_TST_004 | Follow IEEE 829 and 1028 for software review techniques | Recommended |

3.1.6 Software maintenance

| Standard ID | Standard | Classification |
|---|---|---|
| ARM_SOM_001 | Follow ISO/IEC standard 14764 for software maintenance | Mandatory |
| ARM_SOM_002 | Follow IEEE standard 1219 and 14764 for the process of software maintenance | Mandatory |

3.2 Application architecture reference model layers

3.2.1 Website guidelines

Common Requirements

| Standard ID | Guideline | Classification |
|---|---|---|
| WEB.DES.001 | The website should be registered under the 'gov.bd' domain | Mandatory |
| WEB.DES.002 | Links to other websites and portals should open in a new tab or a new window | Mandatory |
| WEB.DES.003 | Content should be free from spelling and grammatical errors | Mandatory |
| WEB.DES.004 | The content should not be discriminatory or offensive | Mandatory |
| WEB.DES.005 | A policy should be in place in the department for review of content to be published on the website | Mandatory |
| WEB.DES.006 | The website should provide the option of content translated into at least English | Mandatory |
| WEB.DES.007 | The website and each content page should display when it was last modified | Mandatory |
| WEB.DES.008 | The website should render correctly on all common browsers | Mandatory |
| WEB.DES.009 | The website should render on mobiles and tablets | Optional |
| WEB.DES.010 | File size should be minimized to allow pages to render quickly | Mandatory |
| WEB.DES.011 | Navigation labels should be clear and understandable | Mandatory |
| WEB.DES.012 | The key navigation menu should be available on all pages | Mandatory |
| WEB.DES.013 | Use title headings and/or breadcrumb trails as a navigational aid and for location tracking | Mandatory |
| WEB.DES.014 | The website should provide a print-friendly function to print the core content | Mandatory |
| WEB.DES.015 | The website should provide a function to email the page | Optional |
| WEB.DES.016 | The website should provide links to social media handles as icons | Optional |
| WEB.DES.017 | The layout and visual styles should be maintained across the website | Mandatory |
| WEB.DES.018 | The website should be integrated with the Bangladesh National Portal Framework | Mandatory |
| WEB.DES.019 | Ensure there are no broken links (internal and external) | Mandatory |
| WEB.DES.020 | Information like playing time, format and plug-ins required should be displayed along with the content | Mandatory |
| WEB.DES.021 | Ensure that the downloadable content and pages of the website are free from viruses or malicious code | Mandatory |

Page Header Requirements

| Standard ID | Guideline | Classification |
|---|---|---|
| WEB.DES.022 | The Bangladesh Government logo is placed in the top header | Mandatory |
| WEB.DES.023 | The Organization/Department's name is displayed along with its logo | Mandatory |
| WEB.DES.024 | The header hyperlinks must contain the following links: Sitemap, Accessibility, Contact us | Mandatory |
| WEB.DES.025 | A search option should be placed prominently on each page of the website | Mandatory |

Content Requirements

| Standard ID | Guideline | Classification |
|---|---|---|
| WEB.DES.026 | All information important for citizens about the department and its schemes should be clearly articulated and presented | Mandatory |
| WEB.DES.027 | The titles of the schemes should be clearly reflected | Mandatory |
| WEB.DES.028 | Details of the schemes should be easily navigable, along with process, eligibility criteria, requirements and validity | Mandatory |
| WEB.DES.029 | The titles of services offered should be self-explanatory | Mandatory |
| WEB.DES.030 | A complete description of services, along with mandatory requirements, should be published | Mandatory |
| WEB.DES.031 | The website should provide forms online and clearly describe their purpose | Mandatory |
| WEB.DES.032 | Any Acts related to services should be clearly mentioned on the website | Mandatory |
| WEB.DES.033 | All circulars and notifications are prominently displayed on the website | Mandatory |
| WEB.DES.034 | Documents should be published in formats like PDF, DOC, XLS, HTML etc. | Mandatory |
| WEB.DES.035 | For any document, its complete name, version number and date of upload should be listed | Mandatory |
| WEB.DES.036 | Information about documents, such as size and file type, should be made available | Mandatory |
| WEB.DES.037 | A process should be in place to weed out all outdated notifications and documents from the website | Mandatory |
| WEB.DES.038 | All discussion forums should be moderated | Mandatory |
| WEB.DES.039 | A process should be established to respond to queries and feedback received through the website | Mandatory |
| WEB.DES.040 | A process should ensure that all Citizen Services, Forms, Documents and Schemes are registered with the respective repositories of the Bangladesh National Portal and the National Portal framework | Mandatory |
| WEB.DES.041 | The website should have a help section | Mandatory |
| WEB.DES.042 | Documents are provided either in HTML or in other accessible formats. Instructions and download details for viewing these formats are provided. | Mandatory |
| WEB.DES.043 | Labels should be provided when content requires input from the users | Mandatory |
| WEB.DES.044 | The footer should provide easy access to the homepage | Mandatory |
| WEB.DES.045 | The footer should provide the terms of use of the information available on the website | Mandatory |
| WEB.DES.046 | The footer should provide policies and disclaimers such as the privacy policy, disclaimer and copyright | Mandatory |
| WEB.DES.047 | Alternatives for non-text content like images, graphics, objects etc. | |
Mandatory WEB.DES.048 There should be no graphic captcha or an alternative should be available Mandatory WEB.DES.049 Text transcripts for pre-recorded audio should be available Mandatory WEB.DES.050 Subtitles should be available for video presentations Mandatory WEB.DES.051 There should be no instructions that are only available as text or sound Mandatory WEB.DES.052 Any information should not be based on colour Mandatory WEB.DES.053 All functionalities should be accessible from keyboard Mandatory WEB.DES.054 Captions should be there for all important audio content Mandatory WEB.DES.055 There should be no content that flashes for more than 3 times in a second Mandatory WEB.DES.056 There should be a control for blinking and scrolling content Mandatory WEB.DES.057 Controls (play, pause, stop) should be made available for any audio that starts automatically Mandatory WEB.DES.058 Instructions for operating/ understanding content should not rely solely on characteristics like shape, size, location etc. 
Mandatory Footer Requirements Accessibility Options Design Requirements Page 18 | Standards checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 WEB.DES.059 The design of the website should be simple and maintain consistency across the website Mandatory WEB.DES.060 National identity symbols should be in proper aspect ratio Mandatory WEB.DES.061 Bengali fonts should be tested on all common browsers Mandatory WEB.DES.062 Text should be readable both in electronic and print format and should print properly on A4 size paper Mandatory WEB.DES.063 There should be no instructions that are only available as text or sound Mandatory WEB.DES.064 Any information should not be based on colour Mandatory WEB.DES.065 All functionalities should be accessible from keyboard Mandatory WEB.DES.066 There should be no links to under construction pages Mandatory WEB.DES.067 Webpages should allow user to bypass the repeated blocks of content Mandatory WEB.DES.068 If the website uses frames, they should be properly named Mandatory WEB.DES.069 Website should use Cascading Style Sheets for layout/ styles Mandatory WEB.DES.070 Website should be readable even the style sheets are not loaded or switched off Mandatory WEB.DES.071 Website should be usable in absence of javascripts and applets Mandatory WEB.DES.072 If content is implemented using mark up languages, the elements should be used according to specifications. 
Mandatory WEB.DES.073 There should be no instructions that are only available as text or sound Mandatory WEB.DES.074 Any information should not be based on colour Mandatory WEB.DES.075 All functionalities should be accessible from keyboard Mandatory WEB.DES.076 There should be no links to under construction pages Mandatory WEB.DES.077 Webpages should allow user to bypass the repeated blocks of content Mandatory WEB.DES.078 If the website uses frames, they should be properly named Mandatory WEB.DES.079 Time limit for time dependent web functions can be adjusted by the user Mandatory WEB.DES.080 All input errors are flashed in text. Mandatory WEB.DES.081 Focus is not trapped in any component while navigating through keyboard only Mandatory WEB.DES.082 All components receives focus in an order that preserves the meaning / operation. Mandatory WEB.DES.083 When any component receives focus it does not initiate change in context. Mandatory WEB.DES.084 Changing the setting of a component does not change the context unless the user has been informed of the same. Mandatory WEB.DES.085 Metadata for pages like title, keywords, description and language is appropriately included. Mandatory WEB.DES.086 Data tables have been provided with necessary tags / mark up. Mandatory WEB.DES.087 Role of all interface components can be programmatically determined. Mandatory WEB.DES.088 Website to be tested on multiple browsers Mandatory Development Requirements Page 19 | Standards checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 WEB.DES.089 Website to clear Security Audit by certificate agency and has a Security Policy. Mandatory WEB.DES.090 Website should be accessible to the intended audience in an efficient and secure manner on 24 x 7 basis. Mandatory WEB.DES.091 The hosting Service Provider possesses state-of-the art multi-tier security infrastructure as well as devices such as firewall and intrusion prevention system. 
Mandatory WEB.DES.092 The hosting Service Provider has redundant server infrastructure for high availability. Mandatory WEB.DES.093 The hosting service provided performs regular backup of the web site. Mandatory WEB.DES.094 The Hosting Service Provided has a Disaster Recovery (DR) Centre in a geographically distance location and a well crafted DR plan for the website. Mandatory WEB.DES.095 Website Hosting Provider provides Helpdesk & Technical support on 24x7x 365 basis. Mandatory WEB.DES.096 All possible secure measures have been taken to prevent defacement/ hacking of the website and the Department has been contingency plan in place for situation like these. Mandatory WEB.DES.097 There should be no links to under construction pages Mandatory WEB.DES.098 Webpages should allow user to bypass the repeated blocks of content Optional WEB.DES.099 If the website uses frames, they should be properly named Mandatory WEB.DES.100 A nodal officer should be appointed by the Organization/Department for management of Website Mandatory WEB.DES.101 Department has established a website monitoring policy Mandatory WEB.DES.102 All policies and plans are approved by Head of Organization/ Department Mandatory WEB.DES.103 Website should rank in the first five results on major search engines when searched with relevant keywords. Mandatory WEB.DES.104 Ensure that all stationery of the department as well as advertisements/ public messages issued by the concerned Department prominently display the URL of the website. 
Mandatory Hosting Requirements Website Management Website Promotion 3.2.2 P ese tatio la e Standard ID Standard Classification ARM_PR_001 Accessibility - Web Content Accessibility Guidelines (WCAG) 2.0 Recommended ARM_PR_002 Cascading style sheets – CSS3 Recommended ARM_PR_003 Hyper Text Markup Language – HTML 5 Recommended ARM_PR_004 SOAP 1.2 Recommended ARM_PR_005 WSDL 2.0 Recommended ARM_PR_006 Extended Markup Language – XML Recommended Page 20 | Standards checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 ARM_PR_007 Web services policy Recommended ARM_PR_008 Web of devices (http://www.w3.org/standards/webofdevices) Recommended ARM_PR_009 Accessible Rich Internet Applications (WAI-ARIA) Recommended (http://www.w3.org/standards/webdesign) ARM_PR_010 Document Object Model (http://www.w3.org/standards/webdesign) Recommended ARM_PR_011 Javascript APIs (http://www.w3.org/standards/webdesign) Recommended ARM_PR_012 Mobile Web Applications (http://www.w3.org/standards/webdesign) Recommended ARM_PR_013 Web performance (http://www.w3.org/standards/webdesign) Recommended ARM_PR_014 Scalable Vector Graphics (SVG) (http://www.w3.org/standards/webdesign) Recommended ARM_PR_015 Portable Network Graphics (PNG) Specifications (Second Edition) Recommended (http://www.w3.org/standards/webdesign) ARM_PR_016 Web Computer Graphics Metafile (WebCGM) Recommended (http://www.w3.org/standards/webdesign) ARM_PR_017 Timed Text Markup Language Recommended (http://www.w3.org/standards/webdesign) 3.2.3 Busi ess appli atio a d se i e la e Standard ID Standard Classification ARM_BSL_001 Web Services for Remote Portlets (WSRP) (https://www.oasis-open.org/) Recommended ARM_BSL_002 Business Process Model and Notation (BPMN) Recommended (http://www.bpmn.org/) ARM_BSL_003 Content Management Interoperability Services (CMIS) (https://www.oasis- Recommended open.org/standards) ARM_BSL_004 ISO/ TC 171 (www.iso.org) Recommended ARM_BSL_005 Multipurpose 
Internet Mail Extension (MIME) (www.ietf.org) Recommended ARM_BSL_006 ISO 19794-4 (www.iso.org) Recommended ARM_BSL_007 Common Biometric Exchange Formats Framework (CBEFF) (www.iso.org) Recommended ARM_BSL_008 WS – BPEL 2.0 is an OASIS standard for presenting activities in a business Recommended process with web services. ARM_BSL_009 UMLv2.3 is a language for specifying, constructing, and documenting the Recommended artifacts of software-intensive systems ARM_BSL_010 SoaML extends the unified modeling language (UML) to enable the modeling and design of services within a service-oriented architecture. Page 21 | Standards checklist Recommended Establishing National Enterprise Architecture and Interoperability Framework January 2016 Standard ID ARM_BSL_011 Standard Classification BPMN 2.0 provide a notation that is readily understandable by all business Mandatory users, from the business analysts that create the initial drafts of the processes, to the technical developers responsible for implementing the technology that will perform those processes, and finally, to the business people who will manage and monitor those processes. ARM_BSL_012 BPEL4WS - Business process execution language for web services - a Recommended language for the specification of business processes and business interaction protocols. ARM_BSL_013 XML and XML schemas should be used for data integration. Mandatory ARM_BSL_014 UML, RDF and XML for data modelling and description languages. Mandatory ARM_BSL_015 XSLT v2.0 - XSL Transformations - a language for transforming XML Recommended documents into other XML documents. ARM_BSL_016 Compliance with JMS for all J2EE MOM. Recommended ARM_BSL_017 An XML output should be provided for forms data entry. Recommended ARM_BSL_018 ISO/IEC 11179-3:2013 for specification and standardization of data / meta Recommended data elements. 
ARM_BSL_019 ANSI HL7 Health Level Seven Standard Version 2.4 - Application Protocol for Requires discussion Electronic Data Interchange in Healthcare Environments. ARM_BSL_020 ebXML Standard Message Service Specification Version 2.0 for security and Mandatory reliability extensions to SOAP. ARM_BSL_021 ISO15022 - XML Design rules to support design of message types and specific Mandatory information flows. ARM_BSL_022 UN/EDIFACT - Electronic Data Interchange for Administration, Commerce, Requires discussion and Transport. The United Nations EDI standard. ARM_BSL_023 XBRL Meta Model v2.1.1 - eXtensible Business Reporting Language - an XML Mandatory language for business reporting. ARM_BSL_024 XMI - XML Metadata Interchange Format. An open information interchange Mandatory model. ARM_BSL_025 XSL v1.0 - eXtensible Stylesheet Language - A family of recommendations for Mandatory describing stylesheets for XML document transformation and presentation. ARM_BSL_026 ER Diagrams - Entity-Relationship diagram - a diagramming notation used in Mandatory data modeling for relational data bases. ARM_BSL_027 XML schema Parts 0-2:2001 - An XML-based language for defining the Mandatory structure of XML documents and for specifying datatypes for attribute values and element content. ARM_BSL_028 ISO 3166 Code Lists - 2-letter and 3-letter country code representation Recommended standard. ARM_BSL_029 ISO 8601 - Date and time representation standard. 
Recommended ARM_BSL_030 WCO Data Model Version 3.0 Requires discussion Page 22 | Standards checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 Standard ID 3.2.4 Standard Classification ARM_BSL_031 Open Office XML - ECMA-376, ISO/IEC 29500 (www.iso.org) Recommended ARM_BSL_032 NIST 800 – 111 Recommended ARM_BSL_033 LDAP V3 Recommended ARM_BSL_034 ISO 15489 International Standard for Record Management (www.iso.org) Recommended ARM_BSL_035 OMG PRR Recommended ARM_BSL_036 ISO 17203 – Open Virtualization Format Recommended Data a d I fo atio Ma age e t La e Standard ID Standard Classification ARM_DIM_001 ISO 9075 – Database Languages Mandatory ARM_DIM_001 ISO/IEC 10646 Recommended ARM_DIM_001 XML – (http://www.w3.org/XML/) Recommended ARM_DIM_001 Open GIS Keyhole Markup Language (KML) Recommended (http://www.opengeospatial.org/) 3.2.5 De elop e t Tools La e Standard ID ARM_DTL_001 Standard Classification ISO/IEC 14102:2008 Information Technology - Guideline for the Mandatory Evaluation and Selection of CASE Tools ARM_DTL_002 3.2.6 ISO 16792 Recommended I f ast u tu e Ma age e t La e Standard ID Standard Classification ARM_IML_001 Virtualization Management (VMAN) (http://www.dmtf.org/) Mandatory ARM_IML_002 Open Virtualization Format (OVF) (http://www.dmtf.org/) Recommended ARM_IML_003 Technical Report 069 (TR-069) defines an application layer protocol for Recommended remote management of end-user devices 3.2.7 “e u it La e Standard ID ARM_SEC_001 Page 23 | Standards checklist Standard Classification ISO/IEC 27034 (www.iso.org) provides guidelines for application security Mandatory Establishing National Enterprise Architecture and Interoperability Framework January 2016 Standard ID 3.2.8 Standard Classification ARM_SEC_002 The Open Web Application Security Project (OWASP) (www.owasp.org) Mandatory ARM_SEC_003 CERT – Secure coding standards (www.securecoding.cert.org/) Recommended ARM_SEC_004 ISO/IEC 24760-1A framework for 
identity management (www.iso.org Recommended ARM_SEC_005 ISO/IEC 29115 Entity Authentication Assurance (www.iso.org Recommended ARM_SEC_006 ISO/IEC WD 29003 Identity Proofing and Verification (www.iso.org Recommended E eptio ha dli g a d Log Standard ID a age e t La e Standard Classification ARM_ELM_001 Information Logging Standard (www.sans.org) Recommended ARM_ELM_002 NIST SP 800-92 (csrc.nist.gov) guidelines to computer security log Recommended management 3.2.9 I teg atio La e Standard ID Standard Classification ARM_INT_001 Use of SOAP v1.1/1.2 for web service invocation and communication Mandatory ARM_INT_002 Description of all web services using WSDL V2.0. The web services Mandatory description language describes web services in a way that other systems can consume the services ARM_INT_003 WS-I Basic Profile 1.1 or Web Services interoperability profile is a set of non- Mandatory proprietary web services specifications along with clarifications and amendments to those specifications that promote interoperability. ARM_INT_004 WS-I simple SOAP binding profile v1.0 defines the use of XML envelopes for Mandatory transmitting messages and places constraint on their use. ARM_INT_005 WS-I Attachments Profile 1.0 defines MIME multipart / related structure for Mandatory packaging attachments with SOAP messages. ARM_INT_006 Registration of all web services using Universal Description, Discovery and Mandatory Integration (UDDI v3) registry. ARM_INT_007 Use of hypertext transfer protocol (HTTP v1.1) and HTTPS as the application Recommended level communications protocol for web services. ARM_INT_008 Use of LDAP v3-compliant directory for authentication, authorization, and Recommended storage of identity profiles and ID management information ARM_INT_009 Use of ebXML Message Service Specifications v2.0, ebXML Registry Recommended Information Model v3.0 and ebXML Registry Services Specifications v3.0 as an addition to UDDI registry. 
ARM_INT_010 Use of SSL v3.0 for encryption Under review ARM_INT_011 Use of integration adaptors across organizations Mandatory Page 24 | Standards checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 Standard ID ARM_INT_012 Standard Classification Selection of adaptors that are certified by the application or middleware Under review solution ARM_INT_013 Domain Name Service (DNS) is a service for mapping between domain names Under review and IP addresses ARM_INT_014 Dublin Core Standard is an extensible metadata element set intended to Mandatory facilitate discovery of electronic resources. ARM_INT_015 OAI harvesting protocol version 2 from Open Archives Initiative supports Under review access to web-accessible material through interoperable repositories for metadata sharing, publishing and archiving. ARM_INT_016 RDF – Resource Description Framework is a method for specifying syntax of Under review metadata used to exchange meta data by W3C ARM_INT_017 ODRLv2.0 – Open Digital Rights Language supports use of digital assets in the Under review publishing, distribution and consumption of content, applications and services ARM_INT_018 XrML v2.0 or eXtensible rights Markup Language is XML-based language for Under review digital rights management (DRM) ARM_INT_019 OpenGIS® Web Map Service Interface Standard (WMS) for GIS systems Under review (http://www.opengeospatial.org/standards/wms) ARM_INT_020 XML and XML schemas should be used for data integration. Mandatory ARM_INT_021 UML, RDF and XML for data modelling and description languages. Mandatory ARM_INT_022 XSLT v2.0 - XSL Transformations - a language for transforming XML Recommended documents into other XML documents. ARM_INT_023 Compliance with JMS for all J2EE MOM. Recommended ARM_INT_024 An XML output should be provided for forms data entry. Recommended ARM_INT_025 ISO/IEC 11179-3:2013 for specification and standardization of data / meta Recommended data elements. 
ARM_INT_026 ANSI HL7 Health Level Seven Standard Version 2.4 - Application Protocol for Requires discussion Electronic Data Interchange in Healthcare Environments. ARM_INT_027 ebXML Standard Message Service Specification Version 2.0 for security and Mandatory reliability extensions to SOAP. ARM_INT_028 ISO15022 - XML Design rules to support design of message types and specific Mandatory information flows. ARM_INT_029 UN/EDIFACT - Electronic Data Interchange for Administration, Commerce, Requires discussion and Transport. The United Nations EDI standard. ARM_INT_030 XBRL Meta Model v2.1.1 - eXtensible Business Reporting Language - an XML Mandatory language for business reporting. ARM_INT_031 XMI - XML Metadata Interchange Format. An open information interchange model. Page 25 | Standards checklist Mandatory Establishing National Enterprise Architecture and Interoperability Framework January 2016 Standard ID ARM_INT_032 Standard Classification XSL v1.0 - eXtensible Stylesheet Language - A family of recommendations for Mandatory describing stylesheets for XML document transformation and presentation. ARM_INT_033 ER Diagrams - Entity-Relationship diagram - a diagramming notation used in Mandatory data modeling for relational data bases. ARM_INT_034 XML schema Parts 0-2:2001 - An XML-based language for defining the Mandatory structure of XML documents and for specifying datatypes for attribute values and element content. ARM_INT_035 ISO 3166 Code Lists - 2-letter and 3-letter country code representation Recommended standard. ARM_INT_036 ISO 8601 - Date and time representation standard. Recommended ARM_INT_037 WCO Data Model Version 3.0 Requires discussion Page 26 | Standards checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 4. 
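ARM_INT_001 and ARM_INT_004 above (and ARM_PR_004 in 3.2.2) mandate SOAP envelopes for service integration, but the checklist says nothing about how a receiving service should treat an inbound envelope. The Python below is added here as a worked example; it is not code from the report, from BCC or from any national portal component. It builds a SOAP 1.2 envelope with the standard library and parses one defensively: a size ceiling, refusal of any DTD or entity declaration before the parser sees it, and namespace checks on the Envelope, the operation and every field. The namespace urn:example:citizen-service, the operation GetCitizenRecord, the field nid and the 64 KB limit are constructed for illustration and are not identifiers from the report.

```python
"""SOAP 1.2 envelope construction and defensive inbound parsing (stdlib only).

Added example for this checklist. The operation namespace, operation name,
field names and size limit are assumptions, not taken from the report.
"""
import xml.etree.ElementTree as ET

SOAP12_NS = "http://www.w3.org/2003/05/soap-envelope"   # SOAP 1.2 envelope namespace
ENVELOPE = "{%s}Envelope" % SOAP12_NS
BODY = "{%s}Body" % SOAP12_NS
MAX_MESSAGE_BYTES = 64 * 1024                           # assumed ceiling for one request


class SoapRejected(ValueError):
    """Inbound message failed a pre-parse or structural check."""


def build_envelope(op_ns, op_name, fields):
    """Serialise a SOAP 1.2 request: one operation element under Body, one child per field."""
    ET.register_namespace("env", SOAP12_NS)
    envelope = ET.Element(ENVELOPE)
    body = ET.SubElement(envelope, BODY)
    operation = ET.SubElement(body, "{%s}%s" % (op_ns, op_name))
    for name, value in fields.items():
        ET.SubElement(operation, "{%s}%s" % (op_ns, name)).text = value
    return ET.tostring(envelope, encoding="unicode")


def parse_envelope(raw, expected_ns):
    """Validate and parse an inbound SOAP 1.2 message.

    Returns (operation_name, {field: text}). Raises SoapRejected when the message
    is oversized, carries a DTD or entity declaration, is malformed, is not a
    SOAP 1.2 Envelope, or carries an operation or field outside expected_ns.
    """
    if len(raw.encode("utf-8")) > MAX_MESSAGE_BYTES:
        raise SoapRejected("message exceeds %d bytes" % MAX_MESSAGE_BYTES)
    # Refuse DTDs before parsing: no entity expansion, no external entity fetches.
    # A legitimate SOAP message never needs a DOCTYPE, so this check has no false positives.
    if "<!DOCTYPE" in raw or "<!ENTITY" in raw:
        raise SoapRejected("DTD/entity declarations are not accepted")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise SoapRejected("malformed XML: %s" % exc) from exc
    if root.tag != ENVELOPE:
        raise SoapRejected("root element is not a SOAP 1.2 Envelope")
    body = root.find(BODY)
    if body is None or len(body) != 1:
        raise SoapRejected("Body must contain exactly one operation element")
    operation = body[0]
    prefix = "{%s}" % expected_ns
    if not operation.tag.startswith(prefix):
        raise SoapRejected("operation is not in the expected namespace")
    fields = {}
    for child in operation:
        if not child.tag.startswith(prefix):
            raise SoapRejected("field %r is not in the expected namespace" % child.tag)
        fields[child.tag[len(prefix):]] = (child.text or "").strip()
    return operation.tag[len(prefix):], fields


# Constructed sample values for the demonstration; not real service identifiers.
EXAMPLE_NS = "urn:example:citizen-service"
EXAMPLE_REQUEST = build_envelope(EXAMPLE_NS, "GetCitizenRecord", {"nid": "0000000001"})

if __name__ == "__main__":
    print(EXAMPLE_REQUEST)
    print(parse_envelope(EXAMPLE_REQUEST, EXAMPLE_NS))
    # Constructed hostile message: an external entity that a naive parser might resolve.
    hostile = ('<!DOCTYPE x [<!ENTITY e SYSTEM "file:///etc/passwd">]>'
               '<Envelope xmlns="%s"><Body><r>&e;</r></Body></Envelope>' % SOAP12_NS)
    try:
        parse_envelope(hostile, EXAMPLE_NS)
    except SoapRejected as err:
        print("rejected:", err)
```

The pre-parse DOCTYPE check is deliberately cruder than configuring the parser, because it does not depend on which expat build or which XML library the deployment ends up with; schema validation against the service's XSD (ARM_INT_020) would sit after these checks, on the already-accepted tree.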
Te h olog a hite tu e sta da ds 4.1 “e i e a age e t Standard ID Category/ Components Standard Classification TRM.SRV.001 Internet and Intranet Access Use Hypertext Transfer Protocol (HTTP) Mandatory Browser/Mobile-Browser or Secured Hypertext Transfer Protocol (HTTPS) for access over Internet/ Intranet. TRM.SRV.002 Internet and Intranet Access Use Hypertext Markup Language (HTML). Mandatory Internet and Intranet Access Use Extensible Hypertext Markup language Recommended Browser/Mobile-Browser (XHTML) as the markup language for Browser/Mobile-Browser TRM.SRV.003 creating web applications wherever possible. XHTML is a family of XML markup languages that mirror or extend versions of the existing widely used Hypertext Markup Language (HTML). The only essential difference between XHTML and HTML is that XHTML must be well formed XML while HTML does not impose strict XML compliance. TRM.SRV.004 Internet and Intranet Access Use Simple Mail Transfer Protocol (SMTP) as Electronic Mail (Email) the standard protocol used for mail Mandatory exchange amongst clients and servers. BCC has established the email systems for Government of Bangladesh officers and it is essential for all Government officers to leverage the infrastructure instead of using private email service providers considering information security. TRM.SRV.005 Internet and Intranet Access Use Hypertext Transfer Protocol Secure Access Protocols (HTTPS) for transactions that need to be secured over the Internet. Avoid use of transactional e-services unless these e-services are authenticated and encrypted. ttp://w3.org/TR/xhtm Page 27 | Standards checklist Mandatory Establishing National Enterprise Architecture and Interoperability Framework January 2016 Standard ID Category/ Components Standard Classification TRM.SRV.006 Internet and Intranet Access Use Wireless Access Protocol (WAP) as the Recommended Access Protocols mobile Internet technology which allows mobile phone access to Internet sites. 
WAP is an open international standard for application layer network communications in a wireless communication environment. Its main use is to enable access to Mobile Web from a mobile phone or PDA. TRM.SRV.007 TRM.SRV.008 TRM.SRV.009 TRM.SRV.0010 TRM.SRV.0011 Internet and Intranet Access Use Wireless Transport Layer Security Access Protocols (WTLS) for micro browsers. Telephony There is no technical standard for Short Message Service (SMS) compliance. Telephony There is no technical standard for Interactive Voice Response (IVR) compliance. Telephony There is no technical standard for Facsimile (Fax) compliance. Internet and Intranet Access Support latest versions of widely adopted Browser/Mobile-Browser browser(s) including Recommended N.A. N.A. N.A. Mandatory Internet Explorer (IE) – version 6 Chrome FireFox Safari Opera etc. TRM.SRV.0012 Internet and Intranet Access The browser shall support security controls Browser/Mobile-Browser such as download Active Controls, Java Recommended permissions, cache deletion, disable cookies, HTTPS and SSL. TRM.SRV.0013 Internet and Intranet Access Provide multiple modes of accessing Browser/Mobile-Browser government services (e.g. kiosks and mobile Recommended phone). TRM.SRV.0014 Telephony Implement IVR system as an alternative Interactive Voice Response (IVR) to Browser for access to government Recommended services. 4.2 Platfo s Standard ID Category/ Components Page 28 | Standards checklist Standard Classification Establishing National Enterprise Architecture and Interoperability Framework January 2016 Standard ID Category/ Components Standard Classification TRM.PLA.001 Servers There is no technical standard for N.A. Processor, Operating System (OS), compliance. Random Access Memory (RAM), Hard Use rack-optimised server for efficient Disk (HDD), Load Balancer space management. Servers Use High-end servers to support critical Processor, Operating System (OS), business operations. 
TRM.PLA.002 Recommended Random Access Memory (RAM), Hard Disk (HDD), Load Balancer Use Low-end servers for simple non-critical business operations. TRM.PLA.003 Servers Support virtualisation technologies and Operating System (OS) allow multiple operating system instances Recommended concurrently on a single physical server. TRM.PLA.004 Clients There is no technical standard for Processor, Operating System (OS), compliance. N.A. Random Access Memory (RAM), Hard Disk (HDD), Load Balancer TRM.PLA.005 Clients Use portable computers where possible to Processor, Operating System (OS), enhance mobility and productivity. Recommended Random Access Memory (RAM), Hard Disk (HDD) TRM.PLA.006 Clients Ensure operating system is certified and Operating System (OS) designed to run under the vendor hardware Recommended platform. Please refer to the enterprise licensing agreement for client operating system established by ITA for agencies. TRM.PLA.007 TRM.PLA.008 Peripherals There is no technical standard for Peripheral Devices compliance. Storage and Backup Support fibre channel for concurrent Storage Area Network (SAN)/ communication among workstations, Networked Attached Storage servers and other peripherals for Storage (NAS) Area Network (SAN) and Direct Attached N.A. Recommended Storage (DAS). TRM.PLA.009 Storage and Backup Support Ethernet (IEEE 802.3) for NAS. Recommended Storage and Backup Support Common Internet File System Recommended Networked Attached Storage (CIFS) for file sharing for NAS. Networked Attached Storage (NAS) TRM.PLA.010 (NAS) TRM.PLA.011 Storage and Backup Support Network Data Management Networked Attached Storage Protocol (NDMP) for controlling backup, (NAS) recovery, and other transfers of data between primary and secondary storage for NAS. 
Page 29 | Standards checklist Recommended Establishing National Enterprise Architecture and Interoperability Framework January 2016 Standard ID Category/ Components Standard Classification TRM.PLA.012 Storage and Backup Support Network File System (NFS) for Recommended Networked Attached Storage distributed file system for NAS. (NAS) TRM.PLA.013 Storage and Backup Support Internet Small Computer System Storage Area Network (SAN) Interface (iSCSI) to provide block-level Recommended access to remote devices for SAN. TRM.PLA.014 TRM.PLA.015 Storage and Backup Support Fibre Channel over TCP/IP (FCIP) for Storage Area Network (SAN) connecting remote FC SANs. Storage and Backup There is no technical standard for Backup System compliance. Please refer to Architecture Recommended NA Design Considerations or Best Practices for more information. TRM.PLA.016 Platform Management and Support Directory Enabled Networking Security (DEN) to map service and policy to Server Management/ Client directory. Recommended Management TRM.PLA.017 Platform Management and Support Desktop Management Interface Security (DMI) standards to collect information Client Management about a computer environment for desktop Recommended management. TRM.PLA.018 Platform Management and Support Web-Based Enterprise Security Management (WBEM) to enable server Server Management management through web-enabled Recommended application. TRM.PLA.019 TRM.PLA.020 Platform Management and Support Alert Standard Format (ASF) to Recommended Security define OS-absent alerting for preventive Server Management monitoring. Platform Management and Support hardened operating system. Recommended Platform Management and Support Trusted Platform Module (TPM) for Recommended Security authenticating mobile computing device. Security Platform Security TRM.PLA.021 Platform Security TRM.PLA.022 Storage and Backup Use SAN for enterprise storage solution. 
Storage Area Network (SAN) Please refer to Paragraph 4.6.4(a) for SAN Recommended solution guidance. TRM.PLA.023 Storage and Backup Implement enterprise-wide backup Backup System solution. Please refer to Paragraph 4.6.4(a) for backup solution guidance. Page 30 | Standards checklist Recommended Establishing National Enterprise Architecture and Interoperability Framework January 2016 4.3 Net o ks Standard ID Category/ Components Standard Classification TRM.NW.001 WAN, LAN, WLAN Use TCP/IP as standard network protocol for Mandatory All technology components all government agencies. WAN, LAN, WLAN All devices in LAN and WAN infrastructure All technology components shall support IPv6 standards (128 bits for TRM.NW.002 Recommended addressing). TRM.NW.003 TRM.NW.004 WAN Support Open Shortest Path First (OSPF, Network Communication Devices OSPF2, Multi-path OSPF) for core switch. WAN Support Internet Protocol Security (IPSec) Network Communication Devices/ for secure exchange packets at IP layer and Network Security Devices IKE (Internet Key Exchange) for key Recommended Recommended exchange. TRM.NW.005 TRM.NW.006 TRM.NW.007 TRM.NW.008 TRM.NW.009 WAN Support Secure Sockets Layer (SSLv3) for Network Communication Devices/ mutual authentication between a client and Network Security Devices server. WAN Support SSH for secure remote login, secure Network Communication Devices/ file transfer and secure TCP/IP and X11 Network Security Devices forwarding. WAN Support IEEE 802.11i to enhance 802.11 Network Communication Devices/ Medium Access Control (MAC) for higher Network Security Devices security and authentication mechanisms. WAN Certified to Common Criteria EAL-4 Network Security Devices (Evaluation Assurance Level) for firewall. WAN Authenticate using two factor Network Security Devices authentication methods such as Token or Recommended Recommended Recommended Recommended Recommended One-time Password (RFC 2289). 
TRM.NW.010 | WAN / Transport Method | Support Multi-Protocol Label Switching (MPLS). | Mandatory
TRM.NW.011 | WAN / Transport Method | Support H.320 for audio, video and graphical communications. | Recommended
TRM.NW.012 | LAN / Network Communication Devices, Network Interface Card (NIC) | Support any of the following: (a) IEEE 802.3u-100Base T (for Fast Ethernet over twisted pair cables); (b) IEEE 802.3u-100BaseFx (for Fast Ethernet over optical fibre); (c) IEEE 802.3ab (1 Gbps over Cat5e/6 cabling system); (d) IEEE 802.3z (for Gigabit Ethernet over fibre and cable). | Mandatory
TRM.NW.013 | LAN / Network Communication Devices | Support Dynamic Host Configuration Protocol (DHCP) for dynamic IP address assignment to devices. | Mandatory
TRM.NW.014 | LAN / Network Communication Devices | Support IEEE 802.1w (Rapid Spanning Tree Protocol) to provide rapid reconfiguration capability. | Recommended
TRM.NW.015 | LAN / Network Communication Devices | Support IEEE 802.3ad for link aggregation for edge switch. | Recommended
TRM.NW.016 | LAN / Network Communication Devices | Support IEEE 802.3x to define full duplex operation and flow control on 100Mbps Ethernet network for edge switch. | Recommended
TRM.NW.017 | LAN / Network Communication Devices | Support Virtual Router Redundancy Protocol (VRRP) to eliminate the single point of failure inherent in the static default routed environment for core switch. | Recommended
TRM.NW.018 | LAN / Network Communication Devices | Support Differentiated Service (DiffServ) to provide QoS to the traffic for core switch. | Recommended
TRM.NW.019 | LAN / Network Communication Devices | Support IEEE 802.1q for Virtual LAN (VLAN). | Recommended
TRM.NW.020 | LAN / Network Communication Devices | Support 1000Base-LH (Long Haul) to provide gigabit speed over distances between 70 and 100km. | Recommended
TRM.NW.021 | LAN / Network Communication Devices | Support IEEE 802.3af for edge switches supporting devices which require twisted pair cables (e.g. IP Phone Clients and wireless LAN access points). | Recommended
TRM.NW.022 | LAN / Network Communication Devices | Support IEEE 802.3ae to support an operating speed of 10Gbps Ethernet over fibre for core switch. | Recommended
TRM.NW.023 | LAN / Structured Cabling System | Use Unshielded Twisted Pair (UTP) Category 6 for Structured Cabling System based on ANSI/TIA/EIA-568-B.2-1. | Recommended
TRM.NW.024 | LAN / Structured Cabling System | Use fibre cables to interconnect network devices and backbone connections for Structured Cabling System as described by TIA/EIA 568. Multimode fibre is used for short distance transmissions with LED based fibre optic equipment. Single-mode fibre is used for long distance transmissions with laser diode based fibre optic transmission equipment. Physical layer standards for optical fibre are: (a) Support 1000Base-SX (short wavelength laser) to provide gigabit speed over a maximum distance of 220m (for 62.5 micron multimode fibre) and 550m (for 50 micron multimode fibre); (b) Support 1000Base-LX (long wavelength laser) to provide gigabit speed over a maximum distance of 550m (for 50 and 62.5 micron multimode fibre) and up to five km single mode with 9 micron fibre. | Recommended
TRM.NW.025 | LAN / Structured Cabling System | Use Commercial Building Telecommunications Cabling Standard 2001 based on ANSI/TIA/EIA 568-B. | Recommended
TRM.NW.026 | LAN / Structured Cabling System | Use Generic Cabling for Customer Premises (International Standards) 2002 based on ISO/IEC 11801. | Recommended
TRM.NW.027 | LAN / Structured Cabling System | Use Generic Cabling Systems (CENELEC Standards) 2002 based on EN 50173. | Recommended
TRM.NW.028 | LAN / Structured Cabling System | Use Generic Universal Cabling Infrastructure with support for voice and data applications based on ISO/IEC 11801, ISO/IEC 14763-1, 14763-2, 14763-3, IEC 61935-1, TIA/EIA 568-B, EN50173, TIA/EIA 606-A, IEC332-1. | Recommended
TRM.NW.029 | LAN / Structured Cabling System | Use Commercial Building Standard for Telecommunications Pathways and Spaces 2004. | Recommended
TRM.NW.030 | LAN / Structured Cabling System | Build and install cables based on ISO/IEC 18010 standards of Information Technology – Pathways and Spaces for Customer Premises Cabling. | Recommended
TRM.NW.031 | LAN / Structured Cabling System | Test cables after installation based on TIA/EIA-568-B and IEC 61935 standards. | Recommended
TRM.NW.032 | LAN / Free Space Optics (FSO) | Support Class 1 or Class 3 (excluding Class 3B) laser for FSO. | Recommended
TRM.NW.033 | WLAN / All technology components | Implement WLAN that supports any of the following standards: (a) Wi-Fi Protected Access (WPA); (b) WPA2; (c) Advanced Encryption Standard (AES); (d) Mobile Virtual Private Networks (VPNs). | Mandatory
TRM.NW.034 | WLAN / Wireless Access Point (AP), Access Controller | Support IEEE 802.11a for 54 Mbps high speed wireless LAN in the 5 GHz range. | Recommended
TRM.NW.035 | WLAN / Wireless Access Point (AP), Access Controller | Support IEEE 802.11g for 54 Mbps high speed wireless LAN in the 2.4 GHz range. | Recommended
TRM.NW.036 | WLAN / Wireless Access Point (AP), Access Controller | Support IEEE 802.11n for 54 Mbps high speed wireless LAN up to 600 Mbps (in the 2.4 GHz and 5 GHz ranges). | Recommended
TRM.NW.037 | IP Telephony and Video Conferencing / IP-Telephony Gateway | Support H.323 for converting between voice and data transmission formats and for managing connections between telephony endpoint and Real-Time Transport Protocol (RTP). | Recommended
TRM.NW.038 | IP Telephony and Video Conferencing / IP-Telephony Gateway | Support H.248 for controlling media gateways on Internet Protocol (IP) network and Public Switched Telephone Network (PSTN). | Recommended
TRM.NW.039 | IP Telephony and Video Conferencing / IP-Telephony Gateway | Support RTP for end-to-end network transmission of real-time data, such as audio, video or simulation data, over multicast or unicast network services. | Recommended
TRM.NW.040 | IP Telephony and Video Conferencing / IP-Telephony Gateway | Support Real Time Streaming Protocol (RTSP) for control over the delivery of data with real-time properties. | Recommended
TRM.NW.041 | IP Telephony and Video Conferencing / IP-Telephony Gateway | Support H.263 for compression algorithm and optimization for lower data rates. | Recommended
TRM.NW.042 | IP Telephony and Video Conferencing / IP-Telephony Gateway, IP Phone Client | Use Session Initiation Protocol (SIP) to manage IP telephony sessions. SIP is an application-layer control (signalling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. | Recommended
TRM.NW.043 | Network Management / Fault Management, Performance Monitoring and Management | Use Simple Network Management Protocol (SNMP) v2 and above as the main management protocol suite. | Recommended
TRM.NW.044 | IP Telephony and Video Conferencing / IP-Telephony Gateway | Use IP Telephony where possible. | Recommended
TRM.NW.045 | IP Telephony and Video Conferencing / IP-Telephony Gateway, IP Phone Client | Use video conferencing system for collaboration where possible. | Recommended
TRM.NW.046 | Network Management / Fault Management, Performance Monitoring and Management | Use network management tools to manage LAN. | Recommended

4.4 Data Center

Standard ID | Category / Components | Standard | Classification
TRM.DC.001 | Physical Site Layout, Cabling Infrastructure, Tiered Reliability, Environmental Factors | Design data center in accordance with TIA 942 standards. | Recommended
TRM.DC.002 | Physical Site Layout / All physical rooms and areas within the data center | Design data center with ample space for expansion to meet the growing demands. Locate the data center at a physically safe area. | Recommended
TRM.DC.003 | Physical Site Layout / All physical rooms and areas within the data center | Implement 24/7 physical security monitoring through CCTV Surveillance Monitoring (e.g. Closed-circuit television (CCTV) / Automated Security Intrusion Alarm / Biometric / Motion Detector) with at minimum an intrusion response exercise annually. | Recommended
TRM.DC.004 | Physical Site Layout / Computer/Server Room | Standardize use of 19-inch 42U racks, which aids better cabling management and cold/hot air aisle efficiency. All racks should have perforated doors front and back for front-in and back-out cross-air movement. | Mandatory
TRM.DC.005 | Physical Site Layout / Computer/Server Room | Install man-trap access to the computer room as an additional barrier to prevent unauthorized access to the computer room. | Recommended
TRM.DC.006 | Physical Site Layout / All physical rooms and areas within the data center | Conduct a risk assessment before building or implementing a data center. Implement appropriate controls to mitigate identified risks. | Mandatory
TRM.DC.007 | Physical Site Layout / All physical rooms and areas within the data center | Separate the location of the disaster recovery site from the primary data center. | Mandatory
TRM.DC.008 | Physical Site Layout / All physical rooms and areas within the data center | Ensure smoke detection and fire suppression systems are in place and tested on a periodic basis. | Mandatory
TRM.DC.009 | Physical Site Layout / All physical rooms and areas within the data center | Design data center with ample space for growth. | Recommended
TRM.DC.010 | Physical Site Layout / All physical rooms and areas within the data center | Locate the data center at a physically safe area. | Recommended
TRM.DC.011 | Cabling Infrastructure / Backbone Cabling | Use Fibre Optic Cable (FOC) for backbone cabling. | Recommended
TRM.DC.012 | Cabling Infrastructure / Horizontal Cabling | Use Category 6 for horizontal cabling. | Recommended
TRM.DC.013 | Tiered Reliability / Data Centre Tiers | Design and operate at minimum Tier II and, where possible, have a Tier III data center or higher. | Recommended
TRM.DC.014 | Environmental Factors / Power/Cooling | Carry out a detailed capacity requirements study for space, power and cooling. | Recommended
TRM.DC.015 | Environmental Factors / Cooling | Implement hot and cold aisle setup for effective cooling. | Recommended

4.5 Cloud

Standard ID | Standard | Classification

Authentication and Authorization
TRM.CLO.001 | RFC 5246 Secure Sockets Layer (SSL) / Transport Layer Security (TLS) | Recommended
TRM.CLO.002 | RFC 3820: X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile | Recommended
TRM.CLO.003 | RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile | Recommended
TRM.CLO.004 | RFC 5849 OAuth (Open Authorization Protocol) | Recommended
TRM.CLO.005 | ISO/IEC 9594-8:2008 / X.509 Information technology -- Open Systems Interconnection -- The Directory: Public-key and attribute certificate frameworks | Recommended
TRM.CLO.006 | ISO/IEC 29115 / X.1254 Information technology -- Security techniques -- Entity authentication assurance framework | Recommended
TRM.CLO.007 | OpenID Authentication | Recommended
TRM.CLO.008 | eXtensible Access Control Markup Language (XACML) | Recommended
TRM.CLO.009 | Security Assertion Markup Language (SAML) | Recommended

Confidentiality
TRM.CLO.010 | RFC 5246 Secure Sockets Layer (SSL) / Transport Layer Security (TLS) | Recommended
TRM.CLO.011 | Key Management Interoperability Protocol (KMIP) | Recommended
TRM.CLO.012 | XML Encryption Syntax and Processing | Recommended

Integrity
TRM.CLO.013 | XML Signature (XMLDSig) | Recommended

Identity management
TRM.CLO.014 | Service Provisioning Markup Language (SPML) | Recommended
TRM.CLO.015 | Web Services Federation Language (WS-Federation) Version 1.2 | Recommended
TRM.CLO.016 | WS-Trust 1.3 | Recommended
TRM.CLO.017 | Security Assertion Markup Language (SAML) | Recommended
TRM.CLO.018 | OpenID Authentication 1. | Recommended

Security Monitoring and Incident Response
TRM.CLO.019 | ISO/IEC WD 27035-1 Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management | Recommended
TRM.CLO.020 | ISO/IEC WD 27035-3 Information technology -- Security techniques -- Information security incident management -- Part 3: Guidelines for CSIRT operations | Recommended
TRM.CLO.021 | ISO/IEC WD 27039 Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems | Recommended
TRM.CLO.022 | ISO/IEC 18180 Information technology -- Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 (NIST IR 7275) | Recommended
TRM.CLO.023 | X.1500 Cybersecurity information exchange techniques | Recommended
TRM.CLO.024 | X.1520 Common vulnerabilities and exposures | Recommended
TRM.CLO.025 | X.1521 Common Vulnerability Scoring System | Recommended

Security Controls
TRM.CLO.026 | PCI Data Security Standard | Recommended
TRM.CLO.027 | Cloud Controls Matrix Version 1.3 | Recommended
TRM.CLO.028 | ISO/IEC 27001:2005 Information Technology -- Security Techniques -- Information Security Management Systems -- Requirements | Recommended
TRM.CLO.029 | ISO/IEC WD TS 27017 Information technology -- Security techniques -- Information security management -- Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002 | Recommended
TRM.CLO.030 | ISO/IEC 27018 Code of Practice for Data Protection Controls for Public Cloud Computing Services | Recommended
TRM.CLO.031 | ISO/IEC 1st WD 27036-4 Information technology -- Security techniques -- Information security for supplier relationships -- Part 4: Guidelines for security of cloud services | Recommended

Security Policy Management
TRM.CLO.032 | ISO/IEC 27002 Code of practice for information security management | Recommended
TRM.CLO.033 | eXtensible Access Control Markup Language (XACML) | Recommended

Availability
TRM.CLO.034 | ISO/PAS 22399:2007 Societal security -- Guideline for incident preparedness and operational continuity management | Recommended

Service interoperability
TRM.CLO.035 | IEEE P2301, Draft Guide for Cloud Portability and Interoperability Profiles (CPIP) | Recommended
TRM.CLO.036 | IEEE P2302, Draft Standard for Intercloud Interoperability and Federation (SIIF) | Recommended
TRM.CLO.037 | Y.3520 Cloud computing framework for end to end resource management (ITU) | Recommended
TRM.CLO.038 | OASIS Cloud Application Management Platform (CAMP) | Recommended
TRM.CLO.039 | OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA), Version 1.0 Committee Specification Draft 06 / Public Review Draft 01 | Recommended
TRM.CLO.040 | Open Cloud Computing Interface (OCCI) | Recommended

5. Security standards
“e u it sta da ds Sr # Standards Description 1 ISO 27001 Information security management 2 ISO 20000 Service management system (SMS) 3 ISO 22301 Business Continuity Management 4 NIST SP 800-12 Computer security and control 5 NIST SP 800-14 Security principles 6 NIST SP 800-26 IT Security 7 NIST SP 800-37 Guide for Applying the Risk Management Framework 8 NIST SP 800-53 rev4 Security and Privacy Controls 9 PCI DSS Payment Card Industry Data Security Standard for management of credit cards 10 COBIT Control Objectives for Information and related Technology (COBIT) - information security framework 11 SABSA Enterprise security architecture framework 12 SOX Sarbanes-Oxley Act of 2002 (SOX) act is also known as the public company accounting reform and investor protection act. SOX requirements indirectly compel management to consider information security controls on systems across the organization in order to comply with SOX. 13 ITIL – Security management based on ISO 17799—is of particular relevance to the application of the information security principles Page 40 | Standards checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 6. Mo ile se i e deli e 6.1 platfo sta da ds Appli atio De elop e t Te h ologies fo Mo ile De i es PLATFORM Windows Phone TOOLS / TECHNOLOGY PROGRAMMING LANGUAGE Microsoft Visual Visual C#, Visual Basic, Studio IDE or Visual C++ MOBILE STORE Microsoft App Store REFERENCE https://www.microsoft.com/en -gb/store/apps/windowsphone Microsoft .NET Compact Framework Android Android SDK (Android Studio IDE), NDK, Java Google Play Store https://play.google.com/store/ search?q=bangladesh&c=apps &hl=en iOS Xcode IDE, Swift, Objective-C App Store http://www.apple.com/itunes/ charts/free-apps/ The sections below details each of the tools, technologies and languages indicated in the table above. 
6.1.1.1 Wi do s Pho e STANDARD Microsoft .NET Compact Framework Microsoft Visual Studio IDE Visual C#, Visual Basic, or Visual C++ DESCRIPTION The Microsoft .NET Compact Framework (.NET CF) is a version of the .NET Framework that is designed to run on Windows CE based mobile/embedded devices such as PDAs, mobile phones, factory controllers, set-top boxes, etc. The .NET Compact Framework uses some of the same class libraries as the full .NET Framework and also a few libraries designed specifically for mobile devices such as Windows CE InputPanel. Microsoft Visual Studio is an integrated Development Environment (IDE) created by Microsoft and is used to develop computer programs for Microsoft Windows and web sites, web applications and web services. Visual C# is an implementation of the C# language by Microsoft. Visual Studio supports Visual C# with a full-featured code editor, compiler, project templates, designers, code wizards, a powerful and easy-to-use debugger, and other tools. The .NET Framework class library provides access to many operating system services and other useful, welldesigned classes that speed up the development cycle significantly. COMPONENT REFERENCES Technology Microsoft .NET Framework http://msdn.microsoft.com/enus/netframework/aa497273.aspx Tool https://www.visualstudio.com/ Language https://msdn.microsoft.com/enus/vstudio/hh341490.aspx 6.1.1.2 A d oid STANDARD Page 41 | Standards checklist DESCRIPTION COMPONENT REFERENCES Establishing National Enterprise Architecture and Interoperability Framework January 2016 Android Software Development ToolKit (SDK) Native Development ToolKit (NDK) Java The android SDK includes a comprehensive list of development tools including a debugger, libraries, emulator, documentation, tutorial and sample code. Android studio is the official IDE, however the framework allows developer to user other IDEs (IntelliJ IDEA, NetBeans IDE). 
The NDK may be best described as a companion tool to the SDK which allows for implementing parts of the code using native code languages such as C and C++. It is based on command-line tools and requires invoking them manually to build, deploy and debug the apps. It is normally suggested for usage in CPU intensive applications such as game engines, signal processing and physics simulation Java is a class-based, object-oriented computer programming language that is designed to be platform independent and secure. The Android SDK relies heavily on standard Java libraries (data structure, math, graphics, networking, etc.) Technology / https://en.wikipedia.org/wiki/Andro Framework id_Studio Technology / http://developer.android.com/tools Framework /sdk/ndk/index.html Language http://www.java.com/en/about/ 6.1.1.3 iO“ STANDARD XCode DESCRIPTION Xcode is Apple's powerful integrated development environment for creating apps for Mac, iPhone, and iPad. Xcode includes the Instruments analysis tool, iOS Simulator, and the latest SDKs for iOS and OS X. COMPONENT REFERENCES Tools (IDE) https://developer.apple.com/xcode/ Language https://developer.apple.com/library The Xcode interface seamlessly integrates code editing, UI design with Interface Builder, testing, and debugging, all within a single window. The embedded Apple LLVM compiler underlines coding mistakes as you type, and is even smart enough to fix the problems automatically. Objective-C Objective-C is a general-purpose, object-oriented programming language primarily used for writing soft a e fo O“X a d iO“. It’s a supe set of the C programming language and provides object-oriented capabilities and a dynamic runtime. Objective-C inherits the syntax, primitive types, and flow control statements of C and adds syntax for defining classes and methods. It also adds language-level support for object graph management and object literals while providing dynamic typing and binding, deferring many responsibilities until runtime. 
Objective-C is inherent in iOS SDK. Page 42 | Standards checklist /mac/documentation/Cocoa/Conce ptual/ProgrammingWithObjectiveC/ Introduction/Introduction.html Establishing National Enterprise Architecture and Interoperability Framework January 2016 Swift is a new programming language for writing iOS, OS X, watchOS, and tvOS apps that builds on the best of C and Objective-C. Swift adopts safe programming patterns and adds modern features to make programming easier, more flexible, and more secure. SWIFT is a multi-paradigm, compiled programming language created by Apple Inc. for iOS, OS X, watchOS and tvOS development. Swift is intended to be more resilient to erroneous code, with a faster compiler and new Fix-it suggestions, while being faster, more expressive and easier to understand for the developer. It also sports syntax improvements providing greater control and flow over the code and allows for interoperability with Objective-C. It is built with the LLVM compiler framework included in Xcode 6 and later and uses the Objective-C runtime, allowing C, Objective-C, C++ and Swift code to run within a single program. Objective-C is in inherent in iOS SDK (XCode) and would be made available Open Source supporting iOS, OS X and Linux. SWIFT 6.1.1.4 C oss-Platfo STANDARD DESCRIPTION CSS is a style sheet language used for describing the presentation of a document written in mark-up language. It helps describe how elements are rendered on screen, paper or other media. CSS in conjunction with HTML and JS is used to create web pages, web applications and user interfaces for many mobile applications CSS JavaScript is a scripting language developed by Netscape. It is easier and faster to code in scripting languages than in structured and compiled languages such as C and C++. Additionally JavaScript code can be embedded in the HTML pages and interpreted by the browser at run-time. 
JavaScript Mobile application development framework Co Page 43 | Standards checklist https://developer.apple.com/swift/ id HTML5 is a markup language used for structuring and presenting content on the World Wide Web. It was finalised and published by the W3C in Oct 2015. It is designed primarily to design web pages and addresses many of the concerns faced on older versions. It also has the ability to render multimedia without requiring plug-ins and is an open standard supported by all modern browsers. HTML5 6.1.2 /H Language A multiple phone web-based application framework is a software framework that is designed to support the development of phone applications that are written as embedded dynamic websites and may leverage native phone capabilities, like geo data or contact lists. There are multiple third party frameworks available such a s- Apache Cordova, Monaca, kindo ui, Sencha Touch COMPONENT Language REFERENCES http://www.w3schools.com/html/ht ml5_intro.asp Language http://www.w3schools.com/css/ Language http://www.w3schools.com/js/ Framework https://cordova.apache.org/ u i atio Te h ologies fo Mo ile De i es https://www.sencha.com/products/ touch/ Establishing National Enterprise Architecture and Interoperability Framework January 2016 STANDARD DESCRIPTION Profile APPLICABILITY REFERENCES XHTML Mobile Profile (XHTML MP) is Communication XHTML Mobile Profile - the standard language for mobile web Technologies For http://www.openmobilealliance.org development. Mobile Devices /tech/affiliates/wap/wap-277- XHTML MP is an XHTML variant. It offers xhtmlmp-20011029-a.pdf richer presentation and is very similar to HTML. XHTML MP is built on top of XHTML Basic. 
This is the language used for WAP2.0 The potential for NFC applications and Communication Communication products is broad and deep, whether Technologies For Interface and leveraging the promise of peer-to-peer Mobile Devices Protocol Bluetooth communications, developing http://www.nfcforum.org/news/pr/view?item_key= 4b07b8986013c08c68a8ef4fa128b6 791c2df8df http://www.nfcforum.org/specs/spec_list/ payment system applications, or creating the chips that will enable upcoming NFC-based products. contactless standards dilemma. NFC is a technology standard that harmonizes and Interface and Protocol-1 (NFCIP-1) o http://www.ecmainternational.org/publications/stand ards/Ecma-340.htm o http://www.iso.org/iso/iso_catalogu e/catalogue_tc/catalogue_detail.ht m?csnumber=38578 extends existing contactless standards. leading consumer electronics (CE) and mobile device manufacturers, semiconductor producers, network operators, developers, service companies, and financial institutions. Interface and Protocol-2 (NFCIP-2) o http://www.ecmainternational.org/publications/stand ards/Ecma-352.htm o http://www.iso.org/iso/iso_catalogu e/catalogue_tc/catalogue_detail.ht m?csnumber=56855 one technology that supports leading global contactless technologies and applications. By http://www.iso.org/iso/catalogue_d integrating NFC, devices can support and etail.htm?csnumber=58023 interoperate with existing contactless card applications and infrastructures such as access control, payment, and transport. that are only possible with the union of contactless technology and CE devices. Page 44 | Standards checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 Short Message Service SMS enables a user to send and receive Short Communication http://webstore.ansi.org/RecordDet Messages (SMs) to and from another user. 
Technologies For ail.aspx?sku=ISO/IEC+21989:2002 Mobile Devices Service Centre functionality described in http://www.tiaonline.org/standards ISO/IEC 21989:2002 is equal to the /technology/cdma2000/documents/ functionality of a Service Centre in GSM TIA-EIA-637-A.pdf 03.40. Thus, for interoperability with a GSM network, it is only necessary to implement a QSIG interface. ations are produced in three stages, according to the method described in ETS 300 387. ISO/IEC 21989:2002 contains the stage 1 and stage 2 specifications of SMS. The stage 1 specification specifies the service as seen by users of PISNs. The stage 2 specification identifies the functional entities involved in the service and the information flows between them. Unstructured USSD is a communication protocol used by Communication http://www.3gpp.org/DynaReport/0 Supplementary GSM cellular telephones to communicate with Technologies For 230.htm Service Data the MNO. Mobile Devices http://www.3gpp.org/DynaReport/0 (USSD) USSD can be used in various ways:- 290.htm To provide Mobile money services http://www.3gpp.org/DynaReport/0 Menu-driven information services 390.htm Location based content services Mobile polling, etc. USSD messaging establishes a real-time connection enabled /activated for the specific session and allows for a two-way exchange of data between MNO and cellular user. 6.1.3 De elop e t Tools fo Mo ile De i es STANDARD Apache Mobile DESCRIPTION Filter APPLICABILITY REFERENCES Apache Mobile Filter is an open-source Development Tools for http://www.apachemobilefilter.org/ project distributed under the GNU Public Mobile Devices License which includes a suite of tools that allow access to a Device Description Library (such as WURFL, DetectRight, 51Degrees and others) directly from Apache. 
Main features are: Device detection; Image rendering; Mobile switcher.

TOOL | CATEGORY | DESCRIPTION | REFERENCE
WURFL (Wireless Universal Resource File) / DetecRight / 51Degrees | Development Tools for Mobile Devices | WURFL is a Device Description Repository (DDR), i.e. a framework that enables applications to map HTTP requests to a description of the capability of the mobile device that requests the page. In this regard, WURFL pre-dates the time when the DDR term was coined and could arguably be characterized as the first DDR. In the last year, the WURFL role has expanded from being a DDR for mobile devices to being a framework to detect every HTTP client worth recognizing. It enables an application to: programmatically abstract away device differences; avoid the need to modify applications whenever a new device ships; avoid the need to track new devices on the market; and use the API to tap that information programmatically. | http://www.scientiamobile.com/ ; http://wurfl.sourceforge.net/ ; https://51degrees.com/device-detection

6.2 Mobile Application Development Standards

6.2.1 Mobile Application Standards

6.2.1.1 Data Protection & Privacy Related Standards

STANDARD ID | STANDARD | CLASSIFICATION
MSDP.DPP.1 | An application must explicitly state to the user, before the application is used: i. the information that the application will access, collect, use, store and share; and ii. for what specific purpose the information is being used. | Mandatory
MSDP.DPP.2 | The user must be made aware of the identity of the entity which will collect or use personal information in the scope of usage of the application, and he/she shall be able to contact the entity which owns the application. | Mandatory
MSDP.DPP.3 | The application should proactively provide the users with a mechanism to access and rectify any personal information of the users, supplied by the users and stored & used by the application. | Mandatory
MSDP.DPP.4 | The application should seek to minimise data collection from the user and use this personal information within the range of the user's expectations and for legally permitted business/service purposes. | Mandatory
MSDP.DPP.5 | The application shall proactively provide users with information on non-obvious or secondary uses (including sharing of data with third parties, and storage of data immediately after use, such as location) of the personal information of the users which has been captured, and provide users with a mechanism to grant or withdraw consent. | Mandatory
MSDP.DPP.6 | The application shall allow the users opportunities to determine the nature and frequency of user authorisation prompts in order to enhance their privacy experience. | Mandatory
MSDP.DPP.7 | The application shall proactively notify users about any change in the information collection and usage mechanism of the application prior to the change being applied. | Mandatory
MSDP.DPP.8 | The application should provide the users with adequate information regarding the privacy settings and their implications with regard to the application. | Mandatory
MSDP.DPP.9 | The application should proactively ensure that users' consent is obtained for registration and mapping to social networks. | Mandatory
MSDP.DPP.10 | The application should proactively inform the user about the privacy settings, specifically how their personal information may be made visible/searchable to the public. | Mandatory
MSDP.DPP.11 | The application must adhere to country/geography specific policies relating to the security of children, including publishing contact details or location. | Mandatory
MSDP.DPP.12 | The application should allow the user to delete the profile or uninstall the mobile application, following which the personal information and content related to the specific user must be completely removed. | Mandatory

6.2.1.2 Data Security Standards

STANDARD ID | STANDARD | CLASSIFICATION
MSDP.DSS.1 | The application shall ensure that each unique identifier is associated with the rightful user of the application and ensure the active management and maintenance of such identifiers. | Mandatory
MSDP.DSS.2 | The application shall ensure that the personal information of the users which is being used and stored is appropriately secured and protected from unauthorised access and disclosure. | Mandatory
MSDP.DSS.3 | The application shall ensure, at a minimum, two-factor authentication for identity verification and validation involving communication with a service. | Mandatory
MSDP.DSS.4 | The application shall establish/demarcate data retention and deletion periods commensurate with the business need or legal obligation. | Mandatory

6.2.1.3 Ad-Supported Mobile Application Standards

STANDARD ID | STANDARD | CLASSIFICATION
MSDP.ASM.1 | When an application is ad-supported, said application should proactively inform users about advertising features before the application is downloaded / installed. | Mandatory
MSDP.ASM.2 | An ad-supported application must proactively seek consent from the user regarding targeted advertisements before downloading/installation of the application on the user's device. | Mandatory
MSDP.ASM.3 | The targeted advertisement may be done based on information which has been collected to fulfil/serve the primary purpose of the application. | Mandatory
MSDP.ASM.4 | The application should not perform unauthorized access of the user's contacts or send viral marketing messages to the contacts without the user's consent. | Mandatory
MSDP.ASM.5 | The application should ensure that the advertising content is suitable for the target age range. | Recommended
This is especially critical for applications which allow users of a young age.

6.2.1.4 Location Standards

STANDARD ID | STANDARD | CLASSIFICATION
MSDP.LOC.1 | The application must inform the user how the application will access, collect, use and store users' location information, and who the application will be sharing this information with and for what purpose. The application also must seek active consent from the user regarding usage of this location data. If the location data is used only at the instance of initiating the application, due to some service based on this location, the user need not be provided with detailed privacy related information and no consent from the user need be sought. | Mandatory
MSDP.LOC.2 | In the event of the application retaining the history of a user's location, the user must be informed about what data is being stored, how long it may be stored and the purpose of the data retention. The application must also seek active consent from the user to continue usage of this location information. | Mandatory
MSDP.LOC.3 | In the event that the application provides the user with advertising or sponsored results contextualised on the basis of location information, the application must inform the user of the ad-supported nature of the application and seek active consent of the user. | Mandatory
MSDP.LOC.4 | The application must inform the user, if it uses location data once the application has been closed, of the continued usage of location information, remind the user of continued location information being captured, and must stop collecting location data unless actively authorized by the user to do so. | Mandatory
MSDP.LOC.5 | In the event of an application automatically broadcasting users' location: i. the application must seek users' consent for location broadcasting; ii. with the location sharing setting turned on, the application must remind/indicate to the user that the location is being shared; iii. the application must allow the user to set the granularity of location to be shared (building, street, area, locality, city, etc.); iv. the application must allow the user to turn off location sharing at any point; and v. the application must prevent users who have been age-verified to be children from publishing their location. | Mandatory

6.2.2 Presentation Layer Standards

STANDARD ID | STANDARD | CLASSIFICATION
MSDP.PLS.1 | The mobile web authoring specifications authored by W3C should be followed by the mobile application developer. (http://www.w3.org/standards/techs/mobile#w3c_all) | Recommended
MSDP.PLS.2 | The mobile application developer should adhere to the device web authoring specifications recommended by W3C. (http://www.w3.org/standards/techs/deviceindependenceauthoring#w3c_all) | Recommended
MSDP.PLS.3 | The specifications related to implementation of CSS mobile should be followed. (http://www.w3.org/standards/techs/cssmobile#w3c_all) | Recommended
MSDP.PLS.4 | The mobile web application best practices should be adhered to. (http://www.w3.org/TR/2010/REC-mwabp-20101214/) | Recommended
MSDP.PLS.5 | The mobile web application standards for SVG Tiny should be followed. (http://www.w3.org/standards/techs/svgmobile#w3c_all) | Recommended
MSDP.PLS.6 | The specifications developed by the W3C regarding the use of XHTML for Mobile should be followed. (http://www.w3.org/standards/techs/xhtmlmobile#w3c_all) | Recommended
MSDP.PLS.7 | The specifications developed by the W3C regarding the development of mobile web applications should be followed. (http://www.w3.org/standards/techs/mobileapp#w3c_all) | Recommended
MSDP.PLS.8 | The specifications developed by the W3C regarding the development of mobile web applications for social development should be followed. (http://www.w3.org/standards/techs/mw4d#w3c_all) | Recommended
MSDP.PLS.9 | The specifications developed by the W3C regarding the geospatial standards applicable to mobile application development should be followed. (http://www.w3.org/standards/techs/geospatial#w3c_all) | Recommended

6.2.3 Data Synchronization Services Standards

STANDARD ID | STANDARD | CLASSIFICATION
MSDP.SYN.1 | The mobile web application should allow for browser based application caching and be made available offline. | Recommended
MSDP.SYN.2 | The mobile or mobile web application should have offline storage to enable faster loading of data. | Recommended
MSDP.SYN.3 | The mobile application should allow the user to use features when a data network or internet connection is unavailable, and changes should get synchronised with the server once network connectivity or internet signal is re-established. | Recommended
MSDP.SYN.4 | The mobile web application should have local storage to retain local data even when the browser is shut down. | Recommended
MSDP.SYN.5 | The mobile web application should have a local database to override the existing 5 MB limit of local storage. | Recommended
MSDP.SYN.6 | The mobile application should communicate with the server using RESTful APIs, by JSON or XML. | Recommended

6.2.4 Mobile Device Management Standards

STANDARD ID | STANDARD | CLASSIFICATION
MSDP.MDM.1 | The solution should support wipe and lock of corporate/work data remotely. | Recommended
MSDP.MDM.2 | The solution should be able to remove corporate apps only, leaving personal data / apps alone. | Recommended
MSDP.MDM.3 | The proposed solution must be able to control device lock/unlock states. | Recommended
MSDP.MDM.4 | The proposed solution must be able to manage SIM Lock status. | Recommended
MSDP.MDM.5 | The proposed solution must be able to automatically lock the device if the SIM is changed. | Recommended
MSDP.MDM.6 | The proposed solution must have an easily configurable password policy that can be set on the managed devices. | Recommended
MSDP.MDM.7 | The proposed solution must be able to carry out remote device wipe. | Recommended
MSDP.MDM.8 | The proposed solution must also be able to carry out a selective wipe of the device data remotely. | Recommended
MSDP.MDM.9 | The proposed solution must be able to lock/unlock the camera using GUI based policies. | Recommended
MSDP.MDM.10 | The proposed solution must be able to define intuitive and user configurable wizard-driven policies to achieve the following functionalities: 1. Internet Browser lock for Open standard devices; 2. Lock/Unlock USBs for Open standard devices; 3. Block SMS for Open standard devices; 4. Push Applications onto the device as per policy; 5. Push Documents onto the device as per policy; 6. Block document leaks from SD card; 7. Block GPRS based on OS configuration capabilities; 8. Block and Blacklist Applications; 9. Block App Store Access / Downloads. | Recommended
MSDP.MDM.11 | The proposed solution must be able to take remote control of the mobile devices for support activities from a central management location. | Recommended
MSDP.MDM.12 | 1. The proposed solution must support Application Containerization for the application payload; 2. The proposed solution must support creating an enterprise data partition based on OS vendor; 3. The proposed solution must support enterprise-based App stores. | Recommended
MSDP.MDM.13 | The proposed solution must be able to provide at least the following notifications from devices, controlled by a wizard-based and GUI-driven policy editor: Data usage; Voice and SMS. | Recommended
MSDP.MDM.14 | The proposed mobility management solution must be compatible with the Open Standard Mobile Operating Systems. | Recommended
MSDP.MDM.15 | The proposed solution must be compatible and integrate with Open Standard mailing solutions. | Recommended
MSDP.MDM.16 | The offline healthcare data being stored in the mobile devices is sensitive and shall be as safe and secure as that in the central server. Hence the same security standards as those in the centralized Database system shall be adopted for mobile devices as well. | Recommended

6.2.5 Business Services Standards

STANDARD ID | STANDARD | CLASSIFICATION
MSDP.BSS.1 | Web Services for Remote Portlets (WSRP) (https://www.oasis-open.org/) | Recommended
MSDP.BSS.2 | Business Process Model and Notation (BPMN) (http://www.bpmn.org/) | Recommended
MSDP.BSS.3 | Content Management Interoperability Services (CMIS) (https://www.oasis-open.org/standards) | Recommended
MSDP.BSS.4 | ISO/TC 171 (www.iso.org) | Recommended
MSDP.BSS.5 | Multipurpose Internet Mail Extension (MIME) (www.ietf.org) | Recommended
MSDP.BSS.6 | ISO 19794-4 (www.iso.org) | Recommended
MSDP.BSS.7 | Common Biometric Exchange Formats Framework (CBEFF) (www.iso.org) | Recommended
MSDP.BSS.8 | WS-BPEL 2.0 is an OASIS standard for presenting activities in a business process with web services. | Recommended
MSDP.BSS.9 | UML v2.3 is a language for specifying, constructing, and documenting the artifacts of software-intensive systems. | Recommended
MSDP.BSS.10 | SoaML extends the Unified Modeling Language (UML) to enable the modeling and design of services within a service-oriented architecture. | Recommended
MSDP.BSS.11 | BPMN 2.0 provides a notation that is readily understandable by all business users, from the business analysts that create the initial drafts of the processes, to the technical developers responsible for implementing the technology that will perform those processes, and finally, to the business people who will manage and monitor those processes. | Mandatory
MSDP.BSS.12 | BPEL4WS - Business Process Execution Language for Web Services - a language for the specification of business processes and business interaction protocols. | Recommended
MSDP.BSS.13 | XML and XML schemas should be used for data integration. | Mandatory
MSDP.BSS.14 | UML, RDF and XML for data modelling and description languages. | Mandatory
MSDP.BSS.15 | XSLT v2.0 - XSL Transformations - a language for transforming XML documents into other XML documents. | Recommended
MSDP.BSS.16 | Compliance with JMS for all J2EE MOM. | Recommended
MSDP.BSS.17 | An XML output should be provided for forms data entry. | Recommended
MSDP.BSS.18 | ISO/IEC 11179-3:2013 for specification and standardization of data / metadata elements. | Recommended
MSDP.BSS.19 | ANSI HL7 Health Level Seven Standard Version 2.4 - Application Protocol for Electronic Data Interchange in Healthcare Environments. | To be discussed with BCC and Ministry of Health
MSDP.BSS.20 | ebXML Standard Message Service Specification Version 2.0 for security and reliability extensions to SOAP. | Mandatory
MSDP.BSS.21 | ISO 15022 - XML Design rules to support design of message types and specific information flows. | Mandatory
MSDP.BSS.22 | UN/EDIFACT - Electronic Data Interchange for Administration, Commerce, and Transport. The United Nations EDI standard. | To be discussed with BCC and relevant Ministries
MSDP.BSS.23 | XBRL Meta Model v2.1.1 - eXtensible Business Reporting Language - an XML language for business reporting. | Mandatory
MSDP.BSS.24 | XMI - XML Metadata Interchange Format. An open information interchange model. | Mandatory
MSDP.BSS.25 | XSL v1.0 - eXtensible Stylesheet Language - a family of recommendations for describing stylesheets for XML document transformation and presentation. | Mandatory
MSDP.BSS.26 | ER Diagrams - Entity-Relationship diagram - a diagramming notation used in data modelling for relational databases. | Mandatory
MSDP.BSS.27 | XML Schema Parts 0-2:2001 - an XML-based language for defining the structure of XML documents and for specifying data types for attribute values and element content. | Mandatory
MSDP.BSS.28 | ISO 3166 Code Lists - 2-letter and 3-letter country code representation standard. | Recommended
MSDP.BSS.29 | ISO 8601 - Date and time representation standard. | Recommended
MSDP.BSS.30 | WCO Data Model Version 3.0 | Requires discussion
MSDP.BSS.31 | Office Open XML - ECMA-376, ISO/IEC 29500 (www.iso.org) | Recommended
MSDP.BSS.32 | NIST 800-111 | Recommended
MSDP.BSS.33 | LDAP v3 | Recommended
MSDP.BSS.34 | ISO 15489 International Standard for Records Management (www.iso.org) | Recommended
MSDP.BSS.35 | OMG PRR | Recommended
MSDP.BSS.36 | ISO 17203 – Open Virtualization Format | Recommended

7. e-GIF standards

7.1 Presentation

Standard ID | Standard | Classification
EGIF.PRT.001 | WCAG 2.0 guidelines and associated success criteria should be met by all websites and web portals. (http://www.w3.org/TR/WCAG20/) | Recommended
EGIF.PRT.002 | W3C web and mobile guidelines and best practices. (http://www.w3.org/Mobile/) | Recommended

7.2 Business process interoperability

Table 1 - Interoperability standards for Business architecture

Standard ID | Standard | Classification
EGIF.BPI.001 | WS-BPEL 2.0 is an OASIS standard for presenting activities in a business process with web services. | Recommended
EGIF.BPI.002 | UML v2.3 is a language for specifying, constructing, and documenting the artifacts of software-intensive systems. | Recommended
EGIF.BPI.003 | SoaML extends the Unified Modeling Language (UML) to enable the modeling and design of services within a service-oriented architecture. | Recommended
EGIF.BPI.004 | BPMN 2.0 provides a notation that is readily understandable by all business users, from the business analysts that create the initial drafts of the processes, to the technical developers responsible for implementing the technology that will perform those processes, and finally, to the business people who will manage and monitor those processes. | Recommended
EGIF.BPI.005 | BPEL4WS - Business Process Execution Language for Web Services - a language for the specification of business processes and business interaction protocols. | Recommended

7.3 Data exchange interoperability

Standard ID | Standard | Classification
EGIF.DEI.001 | XML and XML schemas should be used for data integration. | Mandatory
EGIF.DEI.002 | UML, RDF and XML for data modelling and description languages. | Recommended
EGIF.DEI.003 | XSLT v2.0 - XSL Transformations - a language for transforming XML documents into other XML documents. | Recommended
EGIF.DEI.004 | Compliance with JMS for all J2EE MOM. | Recommended
EGIF.DEI.005 | An XML and CSV output should be provided for forms data entry. | Mandatory
EGIF.DEI.006 | ISO/IEC 11179-3:2013 for specification and standardization of data / metadata elements. | Recommended
EGIF.DEI.007 | ANSI HL7 Health Level Seven Standard Version 2.4 - Application Protocol for Electronic Data Interchange in Healthcare Environments. | Requires discussion
EGIF.DEI.008 | ebXML Standard Message Service Specification Version 2.0 for security and reliability extensions to SOAP. | Mandatory
EGIF.DEI.009 | ISO 15022 - XML Design rules to support design of message types and specific information flows. | Recommended
EGIF.DEI.010 | UN/EDIFACT - Electronic Data Interchange for Administration, Commerce, and Transport. The United Nations EDI standard. | Requires discussion
EGIF.DEI.011 | XBRL Meta Model v2.1.1 - eXtensible Business Reporting Language - an XML language for business reporting. | Recommended
EGIF.DEI.012 | XMI - XML Metadata Interchange Format. An open information interchange model. | Recommended
EGIF.DEI.013 | XSL v1.0 - eXtensible Stylesheet Language - a family of recommendations for describing stylesheets for XML document transformation and presentation. | Recommended
EGIF.DEI.014 | ER Diagrams - Entity-Relationship diagram - a diagramming notation used in data modeling for relational databases. | Mandatory
EGIF.DEI.015 | XML Schema Parts 0-2:2001 - an XML-based language for defining the structure of XML documents and for specifying datatypes for attribute values and element content. | Recommended
EGIF.DEI.016 | ISO 3166 Code Lists - 2-letter and 3-letter country code representation standard. | Recommended
EGIF.DEI.017 | ISO 8601 - Date and time representation standard. | Recommended
EGIF.DEI.018 | WCO Data Model Version 3.0 | Requires discussion

7.4 Services

Table 2 - Interoperability standards for services architecture

Standard ID | Standard | Classification
EGIF.SRV.001 | Use of SOAP v1.1/1.2 for web service invocation and communication. | Recommended
EGIF.SRV.002 | Description of all web services using WSDL v2.0. The Web Services Description Language describes web services in a way that other systems can consume the services. | Mandatory
EGIF.SRV.003 | WS-I Basic Profile 1.1, or Web Services Interoperability profile, is a set of non-proprietary web services specifications along with clarifications and amendments to those specifications that promote interoperability. | Mandatory
EGIF.SRV.004 | WS-I Simple SOAP Binding Profile v1.0 defines the use of XML envelopes for transmitting messages and places constraints on their use. | Mandatory
EGIF.SRV.005 | WS-I Attachments Profile 1.0 defines the MIME multipart/related structure for packaging attachments with SOAP messages. | Recommended
EGIF.SRV.006 | Registration of all web services using a Universal Description, Discovery and Integration (UDDI v3) registry. | Recommended
EGIF.SRV.007 | Use of Hypertext Transfer Protocol (HTTP v1.1) and HTTPS as the application level communications protocol for web services. | Recommended
EGIF.SRV.008 | Use of an LDAP v3-compliant directory for authentication, authorization, and storage of identity profiles and ID management information. | Recommended
EGIF.SRV.009 | Use of ebXML Message Service Specification v2.0, ebXML Registry Information Model v3.0 and ebXML Registry Services Specification v3.0 as an addition to the UDDI registry. | Recommended
EGIF.SRV.010 | Use of SSL v3.0 for encryption. | Recommended
EGIF.SRV.011 | Use of integration adaptors across organizations. | Recommended
EGIF.SRV.012 | Selection of adaptors that are certified by the application or middleware solution. | Recommended
EGIF.SRV.013 | Domain Name Service (DNS) is a service for mapping between domain names and IP addresses. | Mandatory
EGIF.SRV.014 | Dublin Core Standard is an extensible metadata element set intended to facilitate discovery of electronic resources. | Recommended
EGIF.SRV.015 | OAI harvesting protocol version 2 from the Open Archives Initiative supports access to web-accessible material through interoperable repositories for metadata sharing, publishing and archiving. | Under review
EGIF.SRV.016 | RDF – Resource Description Framework is a W3C method for specifying the syntax of metadata used to exchange metadata. | Under review
EGIF.SRV.017 | ODRL v2.0 – Open Digital Rights Language supports use of digital assets in the publishing, distribution and consumption of content, applications and services. | Under review
EGIF.SRV.018 | XrML v2.0, or eXtensible rights Markup Language, is an XML-based language for digital rights management (DRM). | Under review
EGIF.SRV.019 | OpenGIS® Web Map Service Interface Standard (WMS) for GIS systems (http://www.opengeospatial.org/standards/wms) | Under review

7.5 Security

Table 3 - Interoperability standards for services security architecture

Standard ID | Standard | Classification
EGIF.SEC.001 | WS-Security to ensure security of messages transmitted between web services components. | Mandatory
EGIF.SEC.002 | WS-I Basic Security Profile Version 1.0 to ensure security of messages transmitted between web services. | Recommended
EGIF.SEC.003 | X.509 international standard for digital signature certificates. | Mandatory
EGIF.SEC.004 | SAML v1.1 – Security Assertion Markup Language (SAML) is an XML-based framework for web services that enables exchange of authentication and authorization information. | Recommended
EGIF.SEC.005 | S/MIME ESS Version 3 is a standard that extends the MIME specifications to support signing and encryption of email transmitted across the internet. | Recommended
EGIF.SEC.006 | XML-DSIG is an XML compliant syntax used for representing the signature of web resources, and procedures for computing and verifying such signatures. | Recommended

7.6 Technology

Table 4 - Interoperability standards for technology architecture

Standard ID | Standard | Classification
EGIF.TECH.001 | Within the GoB, use of the intrinsic security provided by the Bangladesh Computer Council Intranet (Info Sarkar and Bangla Government Networks) should be considered for all Government offices. | Mandatory
EGIF.TECH.002 | The National Data Center should be considered for hosting of Government data. Exceptions for establishing DC / DR for independent entities will be made on a case-to-case basis. | Mandatory
EGIF.TECH.003 | All entities should adhere to BD-CIRT guidelines. | Mandatory
EGIF.TECH.004 | For inter-ministry system related information exchange, it is recommended to use the NEA Bus for secured transfer. | Mandatory
EGIF.TECH.005 | For all Government transactions requiring citizen online identity verification, NEA Bus based authentication services should be used. | Mandatory
© 2015 EY LLP. All Rights Reserved.

Draft NEA, e-GIF and MSDP Report: Specifications Checklist
LICT-36-SBCC-CF-SIO: Establishing Enterprise Architecture and Interoperability Framework
Bangladesh Computer Council, January 2016
Confidentiality: This document contains privileged and confidential information pertaining to Establishing Enterprise Architecture and Interoperability Framework. The access level for the document is specified above. The addressee should honour these access rights by preventing intentional or accidental access outside the access scope.

Table of Contents

1. SERVERS (p. 8)
1.1 BLADE SERVER – DATABASE (p. 8)
1.2 BLADE SERVER – APPLICATION (p. 9)
1.3 DATABASE SERVER – RACK MOUNT (p. 10)
1.4 WEB AND DIRECTORY SERVER (p. 11)
1.5 BLADE CHASSIS (p. 12)
1.6 RACKS (p. 14)
2. STORAGE (p. 16)
2.1 UNIFIED STORAGE SYSTEM (p. 16)
2.2 SAN STORAGE (p. 18)
2.3 VIRTUAL TAPE LIBRARY (p. 19)
3. SWITCHES (p. 21)
3.1 CORE SWITCH (p. 21)
3.2 MANAGED ACCESS SWITCH (p. 23)
3.3 SAN SWITCH (p. 27)
3.4 AGGREGATION SWITCH (p. 27)
4. LOAD BALANCER (p. 29)
5. CLOUD MANAGEMENT SYSTEM (p. 30)
6. VIRTUALIZATION (p. 39)
7. ENTERPRISE MANAGEMENT SYSTEM (p. 42)
8. SECURITY OPERATIONS CENTER (p. 47)
9. ANTI VIRUS (p. 52)
10. ROUTER (p. 54)
10.1 CORE ROUTER (p. 54)
11. FIREWALL (p. 57)
11.1 INTERNET ROUTER – FIREWALL (p. 57)
11.2 WEB APPLICATION FIREWALL (p. 57)
11.3 NEXT GENERATION FIREWALL (p. 61)
12. INTRUSION PREVENTION SYSTEM (p. 64)
12.1 NETWORK INTRUSION PREVENTION SYSTEM (p. 64)
12.2 HOST BASED INTRUSION PREVENTION SYSTEM (p. 67)
13. SECURITY INCIDENT AND EVENT MANAGEMENT (p. 69)
14. VULNERABILITY MANAGEMENT AND PENETRATION TESTING (p. 75)
15. ANTI-ADVANCED PERSISTENT THREAT (p. 82)
16. DATA LEAKAGE PREVENTION SYSTEM (p. 84)
17. NETWORK ACCESS CONTROL (p. 87)
18. DATABASE ACTIVITY MONITORING SYSTEM (p. 89)
19. CONFERENCE ROOM – LED DISPLAY (p. 91)
20. VIDEO WALL PROJECTION SYSTEM (p. 92)
21. END-USER SYSTEMS (p. 96)
21.1 DESKTOP (p. 96)
21.2 LAPTOPS (p. 97)
21.3 TABLETS (p. 98)
21.4 UPS (p. 99)
21.5 MULTI-FUNCTION PRINTERS (p. 100)
21.6 COLOR PRINTERS (p. 101)
21.7 BARCODE PRINTER (p. 101)
21.8 BARCODE SCANNER (p. 102)
21.9 WEB CAMERA (p. 102)

Abbreviations

Abbreviation | Description
a2i | Access to Information
ADM | Architecture Development Method
ARM | Application Reference Model
BCC | Bangladesh Computer Council
BRM | Business Reference Model
BPEL | Business Process Execution Language
BPMN | Business Process Modelling Notation
CR | Change Request
DC | Data Centre
DR | Disaster Recovery
DRM | Data Reference Model
e-GIF | Electronic Government Interoperability Framework
EA | Enterprise Architecture
EY | Ernst & Young LLP
FOSS | Free and Open Source Software
GoB | Government of Bangladesh
ICT | Information and Communication Technology
ICTD | Information and Communication Technology Division
ISO | International Organization for Standardization
KPI | Key Performance Indicators
LICT | Leveraging Information and Communications Technologies
MoP&ME | Ministry of Primary & Mass Education
MPT&IT | Ministry of Post, Telecommunications & Information Technology
MSDP | Mobile Service Delivery Platform
NEA | National Enterprise Architecture
NeSS | National e-Services System
NID | National Identity
NP | National Portal
PMO | Project Management Office
PoC | Proof of Concept
SID | Statistics and Informatics Division
SLA | Service Level Agreements
TA | Technical Architecture
TOGAF® | The Open Group Architecture Framework
TRM | Technical Reference Model
UML | Unified Modelling Language

1. Servers

1.1 Blade server – database

Sr. No.
DBS.REQ.001 Processor: Latest generation x86-64 bit, minimum XX GHz with XX cores and XX MB cache or more
DBS.REQ.002 Number of Processors: Server should be X socket and populated with X physical processors
DBS.REQ.003 Memory: XX GB DDR3 or higher memory per server (to begin with minimum 128 GB; can be scaled up to 512 GB or more depending upon the application requirement)
DBS.REQ.004 Interface Port: Blade server should support Ethernet and Fibre Channel connectivity, or Converged Network Adapters in lieu of the same. The Converged Network Adapters should aggregate both the Ethernet and FC connectivity on a single fabric
DBS.REQ.005 Network: The server should provide a minimum of XX Gb aggregate bandwidth per blade server (to begin with 36GB is fine; can be scaled up to 128 GB or more depending on the number of blades populated in a single blade chassis)
DBS.REQ.006 RAID: RAID controller should be able to do RAID 1, 0
DBS.REQ.007 Internal HDD: Minimum 2 x XXX GB internal SAS / SATA hot swap HDD (10k rpm or higher) (to start with 600 GB is fine, else can be scaled up to 1 TB each or more depending on the availability of capacity in blade servers)
DBS.REQ.008 Warranty: Critical components like CPU, memory, SSD / HDD should be covered
DBS.REQ.009 Power Supply Redundancy: The supporting chassis should have redundant power supply configured in N+N mode.
DBS.REQ.010 Fans: Redundant hot swappable fans
DBS.REQ.011 Form Factor: Blade / Rack (servers for database can be either blade or rack form factor)
DBS.REQ.012 Application Support: Any database application support like MySQL / SQL Server / Oracle / DB2 / PostgreSQL etc.
DBS.REQ.013 Operating System Support: Support for the proposed operating system (this correlates with the application and OS that the solution is built on)

1.2 Blade server – application
AS.REQ.001 Processor: Latest generation x86-64 bit with minimum XX GHz clock speed or above, with minimum XX processors, each processor having X cores and XX MB cache or more
AS.REQ.002 Memory: Minimum XX GB DDR3 or higher RAM of the highest frequency applicable in the quoted model, to be offered per processor. Memory should support ECC and memory mirroring, upgradable up to XX GB (to begin with minimum 128 GB; can be scaled up to 512 GB or more depending upon the application requirement)
AS.REQ.003 PCI-Express Slots: Server should have minimum 2 x PCI Express slots or more
AS.REQ.004 Network Interface Ports: Minimum 2 x 10 Gbps Ethernet ports per server or more
AS.REQ.005 FC-HBA Ports: Minimum 2 x 8 Gb/s FC HBA ports per server or more
AS.REQ.006 Internal RAID: Internal RAID controller with minimum 256 MB battery-backed write cache or better
AS.REQ.007 Internal HDD: Minimum 2 x XXX GB internal SAS / SATA hot plug HDD (to start with 600 GB is fine, else can be scaled up to 1 TB each or more depending on the availability of hard drive capacity for blade servers)
AS.REQ.009 Power: Redundant hot-swappable power supplies configured in N+N mode
AS.REQ.010 Fans: Redundant hot swappable fans
AS.REQ.011 Pre-Failure Warranty: Critical components like CPU, memory, HDD and PCI slots should be covered under pre-failure warranty
AS.REQ.012 OS & Virtualization Support: MS Windows, UNIX, Linux, Solaris, VMware vSphere & Microsoft Hyper-V infrastructure etc.
AS.REQ.013 I/O & Power Supply Redundancy: The supporting chassis should have redundant power supply. The server should have redundant I/O
AS.REQ.014 Form Factor: Half blade (with the increase in CPUs the form factor changes: a half blade supports 2 CPUs, whereas a full blade supports 4 physical CPUs.
At any given point in time a blade chassis supports 8 full blade or 16 half blade servers)

1.3 Database server – rack mount
1. Servers offered should be highest-end enterprise class and should have the latest generation processors at the time of supply. However, the proposed servers with 64 bit RISC/EPIC core processors should not be less than 3.30 GHz (RISC), 2.53 GHz for "Ultra SPARC64-VII" or 1.6 GHz for EPIC processor. It should be supplied with minimum 24 cores, which can be upgraded to 128 cores in the same server. The server proposed should be compatible with the database solution proposed by the bidder for the period of contract.
2. Should support 64 bit enterprise class Linux / UNIX, with HA & cluster functionalities.
3. Minimum 24 MB cache (L3) per processor or higher
4. Minimum 8 GB RAM DDR-3 1066 per core.
5. Minimum 5 x 300 GB (or higher) latest generation SAS (15K rpm) for each partition within the server
6. Minimum 2 Ethernet ports of 10 Gigabit speed each for each partition
7. Fibre Channel adapters: minimum 4 x 8 Gbps for each partition.
8. 1 DVD RW drive
9. Dual redundant hot pluggable power supply and fan
10. Logical or physical partitioning should be supported
11. Server must have capability for minimum 4 partitions to run independent enterprise OS
12. Capable of dynamic movement of resources (CPU / memory / adapters) across partitions
13. Should be provided with a GUI / browser based management console to take care of partition management & configuration
14. Necessary software and scripts for automatic cluster failover to be supplied for cluster based solutions, to maintain high availability & fault tolerance in the proposed solution.
It should have seamless failover without manual intervention
15. 19" rack mountable with rack mounting accessories
16. Must ensure no single point of failure for the production environment, and necessary components must be added to the solution accordingly to ensure that.
17. The proposed server should have the ability to use spare processors which would dynamically kick in when any active processor fails.
18. Should support a shared architecture wherein CPU, memory and I/O can be shared between the different partitions, be they virtual partitions or logical partitions.
19. If partitioning is used then servers should have a similar number of partitions, and every partition on one server should be clustered with the respective partition (with equal amount of processor cores, memory & I/O per partition) on the other server.
20. The proposed partitioning mechanism should have the flexibility of assigning resources like CPU and memory at unit level granularity to each individual partition. The server should have the configured capability to assign dedicated resources to partitions.
21. At any given point, CPU utilization should not exceed 65 percent (during peak & non-peak hours)
22. Critical components like CPU, memory, HDD in the server should be hot pluggable to ensure availability even during hardware failure
23. The database should have the capability to be deployed in an active-active clustered environment. The database should be available even when one of the servers / instances fails. The users should be able to work without interruptions.
24. The database software should be available in UNIX, Linux and Windows environments with identical functionalities and user interfaces
25. Should have the capability to open the standby database for reporting and backup purposes.
26. Capability to offload all backup activities from the primary database to the physical standby database.
27. MS Windows, RHEL, SLES, OEL, Oracle Solaris, VMware vSphere & Microsoft Hyper-V
28. Critical components like CPU, memory, HDD and PCI slots should be covered under pre-failure warranty
29. Support granularity in database security, such as restricted row level access etc.
30. The database has to be in the Gartner quadrant
31. The system should not be an end of life / end of service product.
32. Updates and upgrades for minimum three years should be factored

1.4 Web and directory server
1. 19" rack server with rack mounting accessories
2. Minimum Intel / AMD series processor, 6 core, 15 MB cache, 2.0 GHz. Populated with 1 no. of CPU, scalable to 2.
3. Intel® C600 chipset / equivalent or higher
4. Minimum 24 GB RAM DDR-3 1066, scalable to 512 GB.
5. Minimum 3 x 300 GB SAS hard drive
6. RAID controller with minimum 512 MB cache; should support RAID levels 0, 1, 10, 5 & 6 at minimum
7. Minimum 2 x 10G Ethernet ports with dual controllers & minimum 2 x 8G FC ports with dual controllers
8. Minimum four PCI-Express slots
9. DVD ± R/W drive
10. Hot swappable redundant power supply & fan
11. Operating system: 64 bit Windows / Linux. OEM server management suite, integrated remote management controller with dedicated 10/100 Mbps port; should support graphical console and remote media control
12. The quoted system must conform to FCC Class A
13. The system should not be an end of life / end of service product.
14. Updates and upgrades for minimum three years should be factored

1.5 Blade chassis
1. A single blade chassis / enclosure should accommodate minimum 14 blade servers
2. Should support a heterogeneous environment: AMD, Intel CPU blades, RISC/EPIC blades must be in the same chassis, with scope to run Windows Server, Red Hat Linux, SUSE Linux / 64 bit UNIX or other standard open source OS.
3. Chassis should have a highly reliable mid-plane for providing connectivity of the shared resources to the compute nodes
4. Each enclosure should be configured with redundant Ethernet modules with 10 Gbps downlink ports and 4 no. 10 Gbps and 2 no. 1 Gbps uplink ports per module, uplinkable to the data centre switch. Shall be capable of supporting up to 4 physical slices per 10 Gbps server communication port within the server blade. Each of the tailoring slices shall be capable of tailoring the network with its own dedicated, customized bandwidth per 10 Gbps downlink connection, with customizable speeds from 100 Mbps to 10 Gbps
5. The blade enclosure should be configured with a redundant Fibre Channel module which should support downlink ports to all the blades and 6 no. of 8 Gbps uplink ports to consolidate the FC uplinks to upstream SAN switches. This module should also provide virtual WWNs to the servers in order to assign the servers rapidly.
6. Hot swap and redundant cooling unit; all fans should be fully populated.
7. The blade chassis should have at least 8 I/O modules
8. The enclosure should be populated fully with power supplies of the highest capacity available with the vendor. Power supplies should support N+N as well as N+1 redundancy configuration, where N is greater than 1
9. Power management features like:
• Cap the power of an individual server or a group.
• Intelligently assign power to the appropriate server in the pool based on policy settings.
• Generate comprehensive power reports.
• Show the actual power usage and thermal measurement data of servers.
10. The blade chassis should be configured with the cables, connectors and accessories required to connect the power distribution units to the power supplies
11. Should support hot pluggable & fully redundant management modules
12. The blade chassis should be configured with a hot swap IP based KVM switch for management, or KVM management should be integrated in the remote management controller
13. Should support combination housing of Ethernet, FC, IB interconnect fabrics, offering hot pluggability & redundancy as a feature
14. Warranty: 5 years 24x7 support directly from the OEM.
15. Must have the ability to map remote media to the server. Also must have the ability to transfer files from the user's desktop / laptop folders to the remote server with only network connectivity. Must have the capability of capturing and deploying OS images.
16. Must have the ability to automatically trigger events and alerts based on performance issues or thresholds set.
17. The system should not be an end of life / end of service product.
18. Updates and upgrades for minimum three years should be factored

1.6 Racks
Floor mounted rack, size 42U (for rack mounted servers & telecom equipment)
Acceptable makes
Product certification: Agency to specify the name of the certification and the agency certifying it. Agency should attach a copy of the certificate.
Product certification: ISO 9001 or CE certified
Width x depth: 800 mm (W) x 1200 mm (D)
Side panels: Perforated & openable with slam latches
Cable entry provision: From top of rack with knock-off, pre-punched marked openings
Cable management: Vertical cable managers to be provided with suitable accessories on each side of the rack, with covers to improve aesthetics and conceal wiring within the rack
Doors: Front & rear metallic perforated doors with air filters to block entry of fine dust particles.
Locking arrangement: Spring loaded locks for front and rear door with uniform pattern of key levers, with 3 keys to be provided. It should also have provisions for a biometric or proximity card access control mechanism
Equipment mounting frame: Adjustable frame (preset to 19 inch) with notches at regular intervals for mounting of equipment such as high end servers, telecom equipment, etc. as per industry standards to be provided
Horizontal shelves: 4 nos. of horizontal perforated shelves for equipment placement
Construction of rack: Powder coated steel cabinet, black coloured
Ventilation: Ventilation louvers or uniform perforations to be provided on side panel and rear door
Equipment cooling: Equipment cooling to be provided with brushless fans (4 nos.) housed in a fan tray
AC power outlets: Two strips each with 16 nos. of 5A / 15A, 230 VAC power outlets (ISI approved) with miniature circuit breaker, inbuilt surge suppressor and power line filter for conditioned power output. Strips to be fitted at the rear on either side with provision for tension reliever. Dual power supply and modular power strips should be provided
Earthing: Earthing continuity kit to be provided with braided earth strip.
Temperature control: Two sensors per rack for temperature and humidity control
Floor mounting kit: Floor mounting accessories (such as adjustable screw legs, sturdy castor wheels, nuts, bolts, washers, clip-on nuts for equipment mounting, etc.) and assembly hardware to be provided.
Other accessories: All rack accessories required for equipment mounting to be supplied. Compact fluorescent lamp fitted in the rack to provide adequate light in the rack. Filters to be provided to block entry of fine dust particles. As part of access control, access to racks should also be controlled by a proximity card system wherever required, along with the standard lock and key mechanism

2. Storage

2.1 Unified storage system
1. The storage system should have unified capability, i.e. should support block and file access with host connectivity for FC, iSCSI, CIFS and NFS.
2. The NAS / gateway / file serving node should be a purpose built appliance and should not be Windows based or running on a general purpose OS, nor a simple SMB / NFS configured file server.
3. The system must be a dedicated appliance with a specifically optimized OS to provide both SAN and NAS functionalities. The architecture should allow modular upgrades of hardware and software for investment protection. The system should be suitably configured for achieving enhanced performance and throughput.
4. The storage system must have dual controllers & file system heads with automatic failover capabilities in case of one controller or head failure. The storage should be installed in the OEM rack to be supplied.
5. Highly available internal configuration with redundancy features and no single point of failure.
The system should have memory / cache of 16 GB or more across the controllers for block level
6. The storage system must have auto-negotiating 2 / 4 / 8 Gbps FC, 1 GbE and 10 GbE interfaces and licenses for NFS, CIFS, FC and iSCSI protocols. The storage system should support RAID levels 0, 5, 6, 10 or equivalent data protection. Multiple RAID configurations to be configured in the proposed solution.
7. The proposed system must be populated with the following ports. For file-based (NAS) functionality, the solution should be configured with a minimum of 4 (or more) x 10 GigE (optical 10GBASE-SR). For block-based (SAN) functionality, the solution should be configured with 4 (or more) x 8 Gbps FC and 2 (or more) x 10G iSCSI.
8. The storage system should have support for SSD, SAS drives and NL-SAS drives. The storage system should have support for 6 Gbps SAS 2.0 drives. There should not be any legacy 3 Gbps technology used in the entire storage architecture. The proposed system must be able to support all on-line data storage tiers in order to maximize both system performance and capacity scalability. The proposed system should support flash, 10K RPM SAS 2.0, 15K RPM SAS 2.0 as well as 7.2K RPM drives.
9. The storage system is to be supplied with at least 100 TB of usable disk space (binary), scalable up to 150 TB, after RAID 6 (in 6+2 configuration) and other overheads like formatting, RAID configuration and one hot spare disk for every 25 disks, configured with SATA / NL-SAS drives for file level access using 4 TB disks and the necessary disk enclosures.
10. The storage system is to be supplied with 800 GB SSD storage with not less than 4 drives.
The storage system is also to be supplied with 60 TB of usable disk space (binary) after RAID 6 (in 6+2) and other overheads like formatting, RAID configuration and one hot spare disk for every 15 disks, configured with 300 GB 15K RPM SAS 2.0 drives and the necessary disk enclosures. All the drives must be in addition to the drives used to hold the system's OS
11. The storage system should have the capability to support non-disruptive data migration across volumes. The storage system should be configured with host multi-pathing drivers.
12. The storage array must support at least 1000 disk drives. No replacement or upgrade of controllers should be required for supporting the 200 disks. It must be a single or tightly clustered, singly managed system rather than an aggregate of multiple separate smaller boxes.
13. The storage must have the ability to create logical volumes without physical capacity being available (thin provisioning); in other words, the system should allow overprovisioning of capacity. The feature should be made available for the maximum supported capacity.
14. For file access it must be possible to set quotas at a user, group or file set level, and the system should have Microsoft Active Directory and LDAP integration. Support for heterogeneous client operating system platforms (on both block and file level) like Linux, Microsoft Windows, HP-UX, Sun Solaris, IBM AIX, ESXi, etc.
15. The storage system must have the capability to support creation of instantaneous or point-in-time snapshot copies of volumes. The snapshot feature should support incremental and thin provisioned volumes. The snapshot feature needs to support at least 90 snapshot copies
16. The solution should support virtual infrastructure (like VMware / Hyper-V etc.). Should have capabilities for booting VMs from the SAN. Should be supplied with virtualization aware APIs for provisioning and managing the storage array from the virtual infrastructure.
17. The solution must support movement of data between different disk tiers based on predefined policies (i.e. storage tiering). Licensing should be provided. The storage system shall support synchronous & asynchronous replication for the DR strategy.
18. Easy to use GUI based and web enabled administration interface for configuration, managing and administration of file & block storage and associated functionalities including deployment, automation, provisioning, protection and monitoring management. Solution should offer real time performance monitoring tools giving information on CPU utilization, volume throughput, I/O rate and latency
19. The storage box should be connected to the servers through SAN switches in a high availability configuration (specifications of the SAN switch enclosed). All necessary cables for connecting the storage with the switches are to be supplied.
20. Solution must be provided with full NDMP functionality and license or equivalent. Solution must be fully compatible with all standard backup software. There must be redundant 1 Gbps LAN ports / equivalent mechanism for management. The storage shall support all standard SAN & NAS security features.
21. The system should not be an end of life / end of service product.
22. Updates and upgrades for minimum three years should be factored

2.2 SAN storage
SAN.REQ.001 Net Storage Capacity Duration: XX days
SAN.REQ.002 Throughput: 8 Gbps or higher (to begin with 8 Gbps; can be increased up to 32 Gbps or more)
SAN.REQ.003 Form Factor: Rack mountable
SAN.REQ.004 Disk Speed: 10K rpm
SAN.REQ.005 Minimum Capacity per disk: 900 GB or higher
SAN.REQ.006 Hot swap disks: Yes
SAN.REQ.007 On-line capacity expansion: Yes
SAN.REQ.008 H/W based RAID controller: Yes
SAN.REQ.009 Hot swappable controller: Yes
SAN.REQ.010 RAID protection against double failure in RAID group: Yes
SAN.REQ.011 Data and control cache swappable: Yes
SAN.REQ.012 Non-disruptive on-line firmware upgrade: Yes
SAN.REQ.013 Hot swappable power supply: Yes
SAN.REQ.014 (N+1) redundant power supply: Yes
SAN.REQ.015 Hot swappable cooling fans: Yes
SAN.REQ.016 (N+1) hot swappable cooling fans: Yes
SAN.REQ.017 FC protocol: Yes
SAN.REQ.018 Fabric Management Software: Shall be provided
SAN.REQ.019 Minimum connections from a server to a SAN switch: 2
SAN.REQ.020 RAID level that will be implemented: RAID 6
SAN.REQ.021 Will the proposed product/service reach end-of-support during the currency of the contract?: Shouldn't
SAN.REQ.022 The system should not be an end of life / end of service product: Yes

2.3 Virtual tape library
1. Offered virtual tape library shall be of modular design to allow configuration and addition of capacity to increase performance. Offered virtual tape library shall be scalable to at least four front-end heads / nodes. Tape library shall be configured with minimum 50 data cartridges, 1 bar code label pack, cleaning cartridge etc.
2. Offered virtual disk library shall be offered with a minimum of 60 TB of usable space, scalable to more than 500 TB of usable space in RAID 5/6 if required, by adding additional heads / nodes.
3. Each front-end head / node of the virtual tape library shall have the ability to configure at least 16 tape libraries, at least 100 or more tape drives & at least 2000 cartridge slots. The virtual tape library should be scalable to a minimum of 64 tape libraries, minimum 400 tape drives and minimum 8000 cartridge slots.
4. Offered virtual tape library solution shall have the capability to deliver selective restore from the disk library itself.
5. The virtual tape library should be compatible with the proposed storage solution infrastructure, including the SAN storage, SAN switch etc.
6. The virtual tape library should be compatible with all the leading backup software products.
7. The virtual tape library should have the ability to flexibly emulate the most commonly used tape drive / tape formats like LTO-Gen3, LTO-Gen4, LTO-Gen5 etc.
8. Each offered virtual tape library head / node shall have a minimum of 2 x 4 Gbps Fibre Channel connections to SAN switches.
9. Fault tolerance in the offered virtual tape library shall be achieved by redundancy technology like RAID 5/6.
10. Offered virtual tape library shall offer inbuilt hardware data compression without performance degradation.
11. Offered virtual tape library shall support throughput of minimum 1 TB/hr and shall be scalable to 10 TB per hour by adding more capacity and front-end heads / nodes.
12. The system should not be an end of life / end of service product.
13. Updates and upgrades for minimum three years should be factored

3. Switches

3.1 Core switch
CSW.REQ.001 Hardware features: Proposed network device must be 19" rack mountable
CSW.REQ.002 Hardware features: Network infrastructure equipment must use 240V AC power.
CSW.REQ.003 Hardware features: Must have redundant power supply units (PSUs).
CSW.REQ.004 Hardware features: Must have redundancy of other components such as fans within the network equipment.
CSW.REQ.005 Hardware features: Must have redundant CPU / processor cards.
CSW.REQ.006 Hardware features: Support redundancy for CPU cards in switching over, to allow the standby CPU to immediately take over
CSW.REQ.007 Hardware features: All components (including elements such as I/O cards, CPUs, power supplies and fans) must be hot swappable with zero disruption to traffic forwarding (unicast or multicast).
CSW.REQ.008 Hardware features: Must have modular slots dedicated for I/O modules as per requirement
CSW.REQ.009 Hardware features: For high availability & performance must have an appropriate supervisory engine
CSW.REQ.010 Hardware features: Chassis switching fabric must be capable of delivering the required bandwidth per I/O slot.
CSW.REQ.011 Scalability: Must support port channelling or equivalent across multiple chassis.
CSW.REQ.012 Scalability: Physical standards for network device: should support Ethernet (IEEE 802.3, 10BASE-T), Fast Ethernet (IEEE 802.3u, 100BASE-TX), Gigabit Ethernet (IEEE 802.3z, 802.3ab), Ten Gigabit Ethernet (IEEE 802.3ae)
CSW.REQ.013 Scalability: Software based standards for network device: must support IEEE 802.1D Spanning Tree Protocol, IEEE 802.1w Rapid Spanning Tree, IEEE 802.1s Multiple Spanning Tree Protocol, IEEE 802.1Q VLAN encapsulation, IEEE 802.3ad Link Aggregation Control Protocol (LACP), IEEE 802.1AB Link Layer Discovery Protocol (LLDP), IEEE 802.3x Flow Control
CSW.REQ.014 Scalability: Must support auto-sensing and auto-negotiation of link speed / duplex
CSW.REQ.015 Scalability: Should support Bidirectional Forwarding Detection (BFD) for OSPF, IS-IS and BGP
CSW.REQ.016 Scalability: Routing protocol support: static IP routing, OSPF, BGPv4, MP-BGP, BGP Route
CSW.REQ.017 Scalability: The network infrastructure must allow multiple equal metric / cost routes to be utilized at the same time
CSW.REQ.018 Scalability: Hardware must support FCoE ports with support for all FCoE standards like FCF & DCB
CSW.REQ.019 Scalability: Must have the ability to complete hitless software upgrades with zero interruption to services or data forwarding
CSW.REQ.020 Scalability: Should support 802.1Q-in-Q
CSW.REQ.021 Scalability: IEEE 802.3ad link aggregation or equivalent capabilities
CSW.REQ.022 Scalability: IPv6 functionality and capability. If IPv6 compliance / support is not available, please identify whether compliance is defined in the device roadmap, along with a timeframe
CSW.REQ.023 Scalability: Must support static IPv6 routing and OSPFv3, and should support both IPv4 and IPv6 routing concurrently. There should be the ability to tunnel IPv6 within IPv4.
CSW.REQ.024 Scalability Supported IPv6 features should include: DHCPv6, ICMPv6, IPv6 QoS, IPv6 Multicast support, IPv6 PIMv2 Sparse Mode, IPv6 PIMv2 Source-Specific Multicast, Multicast VPN CSW.REQ.025 Scalability Device must support multicast in hardware CSW.REQ.026 Scalability The switch mush support IEEE 802.1 QBR/ 802.1 BR standard to support scalability and extension of switching fabric to additional ports if required outside chassis. CSW.REQ.027 Scalability The system must allow extending Layer 2 applications across distributed data centers CSW.REQ.028 Security features Must support multiple privilege levels for remote access (e.g. console or telnet access) CSW.REQ.029 Security features Must support Remote Authentication Dial-In User Service (RADIUS) and/or Terminal Access Controller Access Control System Plus (TACACS+) CSW.REQ.030 QoS features Must support IEEE 802.1p class-of-service (CoS) prioritization CSW.REQ.031 QoS features Must support rate limiting (to configurable levels) based on source/destination IP/MAC, L4 TCP/UDP CSW.REQ.032 QoS features Must have the ability to complete traffic shaping to configurable levels based on source/destination IP/MAC and Layer 4 (TCP/UDP) protocols CSW.REQ.033 QoS features There should not be any impact to performance or data forwarding when QoS features CSW.REQ.034 QoS features Must support a "Priority" queuing mechanism to guarantee delivery of highest-priority (broadcast critical/delay-sensitive traffic) packets ahead of all other traffic CSW.REQ.035 QoS features Page 22 | Specifications checklist Must support ability to trust the QoS markings received on an ingress port Establishing National Enterprise Architecture and Interoperability Framework January 2016 CSW.REQ.036 Virtualisation The switch must support data center virtualization, giving department the ability to virtualize a physical switch into multiple logical devices. 
With each logical switch having its own processes, configuration, and administration CSW.REQ.037 Management Must support SNMP V1,V2, V3 and be MIB-II compliant features CSW.REQ.038 CSW.REQ.039 CSW.REQ.040 CSW.REQ.041 CSW.REQ.042 Management Must support SNMP traps (alarms/alerts) for a minimum of four features destinations Management Network switch should support Remote Monitoring on every port covering features the following four groups (Statistics, Alarm, Event, History). Management Must be able to integrate with all standard Network Management Systems, features including HP Open View Suite, Netcool and Infovista Management Should support flow based traffic analysis features and the ability to features export of network IP flow information. Management Must support Network Timing Protocol (NTPv3) and should support the features following: • Configuration of more than one NTP server • Speciation of a local time zone • NTP authentication CSW.REQ.043 Port Should support upto 48-Port 10G SFP+ Ports loaded with MM modules and 48 nos. 10/100/1000 Mbps ports from Day 1. (This can be modified as per the solution requirements) CSW.REQ.044 3.2 Complaince The switch should be IPV6 complaint. Managed access switch Sr. No. Item Minimum Requirement Description MAS.REQ.001 Switch Architecture and Switch should have 24 Nos. 10/100/1000Base-TX auto-sensing plus Performance 4x1G SFP uplinks. (The one highlighted in blue can be updated as per the port requirements in line with the solution architecture) MAS.REQ.002 Switch Architecture and Should support stacking using dedicated stacking ports with up to Performance 80Gbps throughput (The one highlighted in blue can be updated as per the port requirements in line with the solution architecture) MAS.REQ.003 MAS.REQ.004 Switch Architecture and Switch should support link aggregation across multiple switches in a Performance stack. 
Switch Architecture and Should support stacking of minimum of eight switches Performance MAS.REQ.005 Switch Architecture and Switch should have non-blocking wire-speed architecture. Performance MAS.REQ.006 Switch Architecture and Performance Page 23 | Specifications checklist Switch should support IPv4 and IPv6 from day One Establishing National Enterprise Architecture and Interoperability Framework January 2016 MAS.REQ.007 Switch Architecture and Switch should have non-blocking switching fabric of minimum 56 Performance Gbps or more (The one highlighted in blue can be updated as per the port requirements in line with the solution architecture) MAS.REQ.008 Switch Architecture and Switch should have Forwarding rate of minimum 41 Mpps. Performance MAS.REQ.009 Layer 2 Features IEEE 802.1Q VLAN tagging. MAS.REQ.010 Layer 2 Features 802. 1Q VLAN on all ports with support for minimum 255 active VLANs and 4k VLAN ids MAS.REQ.011 Layer 2 Features Support for minimum 8k MAC addresses MAS.REQ.012 Layer 2 Features Spanning Tree Protocol as per IEEE 802.1d MAS.REQ.013 Layer 2 Features Multiple Spanning-Tree Protocol as per IEEE 802.1s MAS.REQ.014 Layer 2 Features Rapid Spanning-Tree Protocol as per IEEE 802.1w MAS.REQ.015 Layer 2 Features Self-learning of unicast & multicast MAC addresses and associated VLANs MAS.REQ.016 Layer 2 Features Jumbo frames up to 9000 bytes MAS.REQ.017 Layer 2 Features Link Aggregation Control Protocol (LACP) as per IEEE 802.3ad. MAS.REQ.018 Layer 2 Features Port mirroring functionality for measurements using a network analyzer. MAS.REQ.019 Layer 2 Features Switch should support IGMP v1/v2/v3 as well as IGMP v1/v2/v3 snooping. MAS.REQ.020 MAS.REQ.021 Quality of Service (QoS) Switch should support classification and scheduling as per IEEE Features 802.1P on all ports. Quality of Service (QoS) Switch should support DiffServ as per RFC 2474/RFC 2475. Features MAS.REQ.022 Quality of Service (QoS) Switch should support four queues per port. 
Features MAS.REQ.023 Quality of Service (QoS) Switch should support QoS configuration on per switch port basis. Features MAS.REQ.024 MAS.REQ.025 Quality of Service (QoS) Switch should support classification and marking based on IP Type Features of Service (TOS) and DSCP. Quality of Service (QoS) Switch should provide traffic shaping and rate limiting features (for Features egress as well as ingress traffic) for specified Host, network, Applications etc. MAS.REQ.026 MAS.REQ.027 Quality of Service (QoS) Strict priority queuing guarantees that the highest-priority packets Features are serviced ahead of all other traffic. Security Features Switch should support MAC address based filters / access control lists (ACLs) on all switch ports. MAS.REQ.028 Security Features Page 24 | Specifications checklist Switch should support Port as well as VLAN based Filters / ACLs. Establishing National Enterprise Architecture and Interoperability Framework January 2016 MAS.REQ.029 Security Features Switch should support RADIUS and TACACS+ for access restriction and authentication. MAS.REQ.030 Security Features Secure Shell (SSH) Protocol, HTTP and DoS protection MAS.REQ.031 Security Features IP Route Filtering, ARP spoofing, DHCP snooping etc. MAS.REQ.032 Security Features Should support DHCP snooping, DHCP Option 82, Dynamic ARP Inspection (DAI) MAS.REQ.033 Security Features Should support a mechanism to shut down Spanning Tree Protocol Port Fast-enabled interfaces when BPDUs are received to avoid accidental topology loops. MAS.REQ.034 Security Features Should support a mechanism to prevent edge devices not in the network administrator's control from becoming Spanning Tree Protocol root nodes. MAS.REQ.035 Security Features Switch should support static ARP, Proxy ARP, UDP forwarding and IP source guard. 
MAS.REQ.036 Security Features Switch should Support Ipv6 First hop Security with the following functions: IPv6 snooping, IPv6 FHS binding, neighbor discovery protocol (NDP) address gleaning, IPv6 data address gleaning, IPv6 dynamic host configuration protocol (DHCP) address gleaning, IPv6 device tracking, neighbor discovery (ND) Inspection, IPv6 DHCP guard, IPv6 router advertisement (RA) guard MAS.REQ.037 Management, Easy-to-Use Switch should have a console port with RS-232 Interface for Deployment and Control configuration and diagnostic purposes. Features MAS.REQ.038 Management, Easy-to-Use Switch should be SNMP manageable with support for SNMP Version Deployment and Control 1, 2 and 3. Features MAS.REQ.039 Management, Easy-to-Use Switch should support all the standard MIBs (MIB-I & II). Deployment and Control Features MAS.REQ.040 Management, Easy-to-Use Switch should support TELNET and SSH Version-2 for Command Line Deployment and Control Management. Features MAS.REQ.041 Management, Easy-to-Use Switch should support 4 groups of embedded RMON (history, Deployment and Control statistics, alarm and events). Features MAS.REQ.042 Management, Easy-to-Use Switch should support system and event logging functions as well as Deployment and Control forwarding of these logs to multiple syslog servers. Features MAS.REQ.043 Management, Easy-to-Use Switch should support on-line software reconfiguration to Deployment and Control implement changes without rebooting. Any changes in the Features configuration of switches related to Layer-2 & 3 functions, VLAN, STP, Security, QoS should not require rebooting of the switch. Page 25 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 MAS.REQ.044 Management, Easy-to-Use Support for Automatic Quality of Service for easy configuration of Deployment and Control QoS features for critical applications. 
Features MAS.REQ.045 MAS.REQ.046 Management, Easy-to-Use Support for Unidirectional Link Detection Protocol (UDLD) to detect Deployment and Control unidirectional links caused by incorrect fiber-optic wiring or port Features faults and disable on fiber-optic interfaces Management, Easy-to-Use Switch should have comprehensive debugging features required for Deployment and Control software & hardware fault diagnosis. Features MAS.REQ.047 MAS.REQ.048 MAS.REQ.049 Management, Easy-to-Use Layer 2/Layer 3 trace route eases troubleshooting or equivalent Deployment and Control feature supporting IEEE 802.1 AG, IEEE 802.3 AH identifying the Features physical path that a packet takes from source to destination. Management, Easy-to-Use Should support DHCP Server feature to enable a convenient Deployment and Control deployment option for the assignment of IP addresses in networks Features that do Management, Easy-to-Use not have without a dedicated DHCP server. Deployment and Control Features MAS.REQ.050 Management, Easy-to-Use Switch should support Multiple privilege levels to provide different Deployment and Control levels of access. Features MAS.REQ.051 Management, Easy-to-Use Switch should support NTP (Network Time Protocol) Deployment and Control Features MAS.REQ.052 Management, Easy-to-Use Switch should support FTP/ TFTP Deployment and Control Features MAS.REQ.053 Standards RoHS Compliant. MAS.REQ.054 Standards IEEE 802.1x support. MAS.REQ.055 Standards IEEE 802.3x full duplex on 10BASE-T and 100BASE-TX ports. MAS.REQ.056 Standards IEEE 802.1D Spanning-Tree Protocol. MAS.REQ.057 Standards IEEE 802.1p class-of-service (CoS) prioritization. MAS.REQ.058 Standards IEEE 802.1Q VLAN. MAS.REQ.059 Standards IEEE 802.3u 10 BaseT / 100 Base Tx /1000 Base Tx. MAS.REQ.060 Compliance The switch should be IPV6 complaint Page 26 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 3.3 SAN switch Sr. No. 
Item Minimum Requirement Description SAN.REQ.001 Performance Minimum Dual SAN switches shall be configured where each SAN switch shall be configured with minimum of 48 Ports scalable to 192 ports. Switch should support 240 no of 2/4/8 -Gbps FC ports. Switch should also support 16Gbps ports, 10G ports as well. (The one highlighted in blue can be updated as per the port requirements in line with the solution architecture) SAN.REQ.002 Standard The switch to support different port types such as FL_Port, F_Port, M_Port (Mirror Port), arid E_Port; self-discovery based on switch type (U_Port); optional port type control in Access Gateway mode: F_Port and NPIV-enabled N_Port SAN.REQ.003 Standard The switch should be rack mountable with minimum 2 slots for CPU & 3 slots for line cards. Switch should be loaded with dual CPU from day one. SAN.REQ.004 Standard Switch should support advanced features like zoning, hardware based VSAN & Inter-VSAN routing SAN.REQ.005 Performance Should protect existing device investments with auto-sensing 1, 2, 4, and 8 Gbit/sec capabilities. SAN.REQ.006 Performance The switch shall provide Aggregate bandwidth of 8000 Gbit/sec Performance of the switch should not degrade incase one CPU or Fabric fails. SAN.REQ.007 General Switch shall have support for web based management and should also support CLI. SAN.REQ.008 General The switch should have facility for firmware download, support save, and configuration upload/download. SAN.REQ.009 Reliability Offered SAN switches shall be highly efficient in power consumption. Bidder shall ensure that each offered SAN switch shall provide dual redundant power. 3.4 Aggregation switch Sr. No. 
Item Minimum Requirement Description AS.REQ.001 Architecture Switch fabric capacity - 800 Gbps (The one highlighted in blue can be modified as per the requirements in line with the solution architecture) AS.REQ.002 Architecture Switch forwarding rates – 600 Mpps for IPv4 and IPv6 (The one highlighted in blue can be modified as per the requirements in line with the solution architecture) AS.REQ.003 Architecture Should have at least 48 unified fixed ports configurable as 1 and 10 Gigabit Ethernet, FCoE or 8/4/2/1-Gbps native Fibre Channel. Out of 48, at least 40 port should be configured from day one with 10G SR optics. AS.REQ.004 Architecture Non-blocking switch architecture AS.REQ.005 Connectivity 802.3ad based standard port/link aggregation, Jumbo frames, storm control Page 27 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 AS.REQ.006 Switching Support at least 2500 VLAN and 24,000 MAC Address features AS.REQ.007 Switching Datacenter bridging exchange, IEEE 802.1Qbb features AS.REQ.008 Security 802.1X Network Security and Radius/TACACS AAA authentication AS.REQ.009 Security MAC Address filtering based on source and destination address AS.REQ.010 Security Support for various ACLs like port based, vlan based and L2- L4 ACL's AS.REQ.011 Network Layer3 routing protocols like Static, Inter VLAN routing, OSPF from day 1 for the Protocols solution. AS.REQ.012 Quality Of Service Minimum 8 number of hardware queues per port AS.REQ.013 Quality Of Service DSCP, 802.1p AS.REQ.014 Multicast IGMP v1,v2,v3, IGMP snooping, PIM SM/DM, MLD AS.REQ.015 Management SNMP v1, v2, v3, RMON/RMON-II enabled, SSH,telnet,GUI, Web management and should have out of Band Management port AS.REQ.016 Management Switch should support port mirroring feature for monitoring network traffic of a particular port/VLAN. 
AS.REQ.017 Management Switch should support Link Aggregation on two different switches AS.REQ.018 Management Built-in real-time performance monitoring capabilities AS.REQ.019 Management Power Supply: Switch should have internal Hot Swappable redundant Power supply AS.REQ.020 Management Cooling Fans: Should have redundant cooling FANS AS.REQ.021 Management Support consolidating IP, Storage, FC and traditional Ethernet protocols into single media AS.REQ.022 Management The switch should also deliver Fibre Channel over Ethernet (FCoE), which allows storage traffic to be reliably carried over an Ethernet infrastructure. AS.REQ.023 Compliance Page 28 | Specifications checklist The switch should be IPV6 complaint Establishing National Enterprise Architecture and Interoperability Framework January 2016 4. Load balancer Sr. No. Item Minimum Requirement Description LB.REQ.001 Load Balancer The proposed load balancer should have the capability to be configured as the SSL/TLS termination point for HTTPS requests. LB.REQ.002 Load Balancer The proposed load balancer should have the capability to be configured to cache the static content that it receives from origin or backend servers in its process memory. LB.REQ.003 Load Balancer The proposed load balancer should have the capability to be configured to compress data received from servers in the back end and forward the compressed content to the requesting clients. LB.REQ.004 Load Balancer The proposed load balancer should have the capability to be configured to limit the number of concurrent connections to a server in the back end. LB.REQ.005 Load Balancer The proposed load balancer should support Reverse proxy, SSL 3.0 and TLS 1.0 LB.REQ.006 Load Balancer The proposed load balancer should have the capability to limit the number of concurrent connections to clients and the maximum speed at which data can be transferred to clients. 
LB.REQ.007 | Load Balancer | The proposed load balancer should have the capability to limit the rate of requests from specific clients and request types.

5. Cloud management system

Sr. No. | Specifications
1. The Solution should support cloud services to be delivered on both x86 (Intel, AMD) and RISC/EPIC-based servers as and when required.
2. The Solution should be capable of allowing applications to self-service compute, network and storage infrastructure automatically based on workload demand.
3. The Solution should be capable of decoupling applications and application infrastructure configurations in portable containers called images.
4. The tool should provide an image library where software and server images can be maintained. Facilities should exist to import new server templates into the library and register them, so that they can be used for provisioning new virtual and physical servers.
5. Unified infrastructure management software should provide unified physical and virtual machine management from a single console.
6. The Solution should be able to isolate and allow secure authenticated access to infrastructure services.
7. The Solution should be capable of orchestrating compute and storage resource placement based on flexible policies to maximize hardware utilization.
8. An Infrastructure as a Service solution is to be offered. It should deliver services using multiple hypervisors, including Unix-based hypervisors, and physical servers.
9. The Solution should be able to abstract compute, network and storage resources for application and user self-service regardless of hypervisor, server, network and storage hardware.
10. The Solution should be capable of supporting multi-tenancy to run cloud services (compute, network and storage) for multiple consumers on a single platform while dynamically and automatically managing the isolation of virtual and physical machines into secure pools. This functionality should be exposed via an API.
11. The Solution must provide an API reference, so as to aid integration with third-party systems.
12. The Solution should be able to provide workload migration, orchestration and interoperability between private and public clouds (such as auto-scaling and cloud-bursting).
13. The Solution must support standards-based REST/SOAP/equivalent interfaces.
14. The Solution should be deployable on a wide variety of open source and proprietary host operating systems.
15. The Solution should support open formats.
16. The Solution should also be able to restrict the usage of each tenant to defined values; otherwise this would lead to over-consumption and under-consumption of resources.
17. The software console shall provide a single view of all virtual machines, allow monitoring of system availability and performance, and provide automated notifications with email alerts. The software console shall provide reports for performance and utilization of physical servers, virtual machines and hypervisors. It shall co-exist and integrate with leading systems management vendors.
18. The management software should provide real-time utilization and trend analysis for CPU, memory, network, disk and power (power for physical servers only) for physical servers and virtual machines. It should be able to integrate 3 blade enclosures.
19. The software should provide forecast analysis for future workloads based on previous server (physical or virtual) utilization history.
20. The infrastructure management software console shall provide manageability of the complete inventory of virtual machines and physical servers, with greater visibility into object relationships.
21. It should provide seamless migration from physical to virtual, virtual to physical and virtual to virtual servers.
22. The software should provide the ability to create solution templates (a solution may include physical servers, virtual machines, storage, network, OS etc.) which can be automatically deployed multiple times based on subscription. A single template should support multiple virtualization technologies and physical servers.
23. It should provide a self-service portal through which users can subscribe to a suitable virtual machine / solution template. Users should be able to define the period for which they would like to subscribe to the virtual machine / solution.
24. The management software should also include the necessary workflow for subscription, approval and provisioning of solutions.
25. The management solution should enable delivery of Infrastructure as a Service with complete lifecycle management.
26. The proposed hardware platform should offer stateless compute nodes and the ability to move workloads among the farm of servers across the enclosures offered. Virtual server profiles should move across the enclosures offered in the blade server section.
27. To future-proof the infrastructure and allow for future bandwidth requirements, the proposed server blades and enclosures must have a cost-effective upgrade path.
28. The Solution should be capable of allocating bandwidth based on application requirements and of avoiding over-provisioning of network resources.
29. The Solution should have the capability to integrate with the network slices/ports mentioned in the enclosure specification and should be able to integrate with variable configurable speeds.
30. The software should have the capability to create virtual machines with the required number of vCPUs.
31. The cloud solution should tightly integrate with the FC and iSCSI SAN solution provided in the storage section to leverage high-performance shared storage for greater manageability, flexibility and availability of cloud services.
32. The virtualization software should be based on hypervisor technology which sits directly on top of the hardware (bare metal). The vendor should offer suitable management software.
33. The Solution should be able to run various operating systems such as Windows client, Windows Server, Linux (at least Red Hat, SUSE, Ubuntu, Debian, FreeBSD, Oracle Enterprise Linux and CentOS), Solaris x86, Novell NetWare and any other open source operating system.
34. The Solution should have the capability to create virtual machine templates to provision new servers.
35. The Solution should continuously monitor utilization across virtual machines and should intelligently allocate available resources among the virtual machines.
36. The virtual machines should be able to boot from iSCSI, FCoE and Fibre Channel SAN.
37. The virtualized infrastructure should be able to consume storage across various protocols such as DAS, NAS and SAN. It should support thin provisioning.
38. The Solution should allow snapshots of the virtual machines to be taken, so that an older state can be reverted to if required.
39. The Solution should be able to dynamically allocate and balance computing capacity across collections of hardware resources of one physical box aggregated into one unified resource pool.
40. The Solution should cater for the fact that if one server fails, all the resources running on that server shall be able to migrate to another set of virtual servers as available.
41. The Solution should provide support for cluster services between virtual machines.
42. The Solution should provide patch management capabilities such that it is able to update patches on its own hypervisor and update guest operating systems through the existing EMS.
43. The Solution should provide monitoring, prioritizing and reserving capabilities for storage, processor, network and memory, so as to ensure that the most important virtual machines get adequate resources even in times of congestion.
44. The Solution should support live migration of a virtual machine from one host (physical server) to another.
45. The Solution should deliver the above-listed hypervisor capabilities using standard server infrastructure.
46. The Solution should provide security on the hypervisor as well as on guest VMs. It should provide the ability to apply security to virtual machines, with security policies that can follow the machines as they move in the cloud.
47. The Solution should provide policy-based configuration management to ensure compliance across all aspects of the datacenter infrastructure, including virtual and physical resources.
48. The Solution should have the ability to live migrate VM files from one storage array to another with no VM downtime, and should support this migration from one storage protocol to another (e.g. FC, iSCSI, NFS, DAS).
49. The Solution should provide an integrated backup solution in addition to support for a centralized backup proxy to offload backup from the virtualization host.
50. The management software should have integrated physical host and virtual machine performance monitoring, including CPU, memory, disk, network, power, storage adapter, storage path, cluster services and virtual machine data stores.
51. The management software console shall provide reports for performance and utilization of virtual machines.
52. The management software console shall provide interactive topology maps to visualize the relationships between physical servers, virtual machines, networks and storage.
53. The management software should allow reliable and non-disruptive migrations of physical/virtual machines running Windows and Linux operating systems to the virtual environment.
54. The management software should generate automated notifications and alerts, and should be able to trigger automated workflows to remedy and pre-empt problems.
55. The management software should have provision to capture the blueprint of a known, validated configuration (including networking, storage and security settings) and deploy it to many hosts, simplifying setup for automated host configuration and compliance monitoring.
56. The Solution should include DR functionality management that is integrated with the rest of the virtualization management, with functionality to automate testing and execution of DR plans (to reduce RTOs) without disrupting the production environment.
57. The Solution should also provide a solution to address replication between heterogeneous storage arrays across sites.
58. The Solution should be able to discover and display virtual machines protected by storage replication using integration adapters certified by storage vendors. Support for iSCSI, Fibre Channel and NFS-based store replication.
59. The Solution should be able to discover and display virtual machines protected by storage replication using integration adapters certified by storage vendors. Support for iSCSI, Fibre Channel and NFS-based store replication.
60. The Solution should have the ability to extend recovery plans with custom scripts; for example, it should be able to reconfigure virtual machines' IP addresses to match the network configuration at the failover site.

Compute
1. The software should have the capability to create virtual machines with the required number of vCPUs.
2. The Solution should allow virtual machines to consume RAM dynamically, in such a way that if some of the VMs on a physical machine are not utilizing their RAM, this RAM can be utilized by another VM on the same physical machine which requires it.
3. The Solution should be able to use power features: during off-peak hours, if not all servers are required to be powered on, the Solution should shut them down to save power.

Service Portal Capabilities
1. The Solution should provide a simple, intuitive web portal for the Data Center Cloud Administrator and User Departments.
2. The Solution should have self-service capabilities to allow User Departments to log service requests.
3. The Solution should be able to offer a choice of various service offerings on multiple hypervisors (such as Xen/KVM, Hyper-V, VMware), with an option to select multiple operating systems such as Windows 2003, 2008, RHEL / SUSE Linux etc., VLAN and storage, and quickly compute the associated price as well as show the deduction from the overall tenant-approved infrastructure quota.
4. The Solution should offer a service catalog listing the availability of cloud infrastructure such as virtual machines, physical machines, applications and common services offered by the private cloud. The software console shall provide a single view of all types of virtual and physical machines for monitoring of system availability and performance, with automated notifications and email alerts.
5. The Solution should provide a comprehensive service catalog with capabilities for service design and lifecycle management, and a web-based self-service portal for users to order and manage services.
6. The Solution should provide an on-boarding mechanism for new tenants (Departments) on the cloud infrastructure that automatically creates the tenant and the tenant administrators and allocates specific resources for the tenant, such as storage pools, server pools, software packages and network pools (including VLANs, DNS, IP address spaces, etc.).
7. The Solution should offer Registration, Signup, Forgot Password and other standard pages (Profile, Billing or Contact information).
8. The Solution should enforce password policies and allow personalization of the look and feel and logo on the user-interface panels.
9. The Solution should be able to offer a choice of various hardware profiles, a custom hardware profile, and selection of operating system, VLAN and storage. The Solution should have the capability to integrate with the network slices/ports mentioned in the enclosure specification and should be able to integrate with the variable configurable speeds and resources available in the enclosure.
10. The Solution should automate provisioning of new infrastructure and changes to existing infrastructure (virtual, physical, application or common services) with approvals.
11. The Solution should allow creation of a library hosting various operating systems that can be selected while creating new virtual and physical servers.
12. The Solution should track ownership and utilization of virtual machines, physical machines and common services. The Solution should have the capability to allocate bandwidth based on application requirements and to avoid over-provisioning of network resources.
13. The Solution must provide the capability to support the following service request types or reasons for contact: provisioning of computing infrastructure (virtual, physical or OS).
14. The Solution should allow workflows to be implemented for provisioning, deployment and decommissioning of all virtual and physical assets in the cloud datacenter.
15. The Solution should allow easy inventory tracking of all the physical and virtual assets in the private cloud. The software solution should provide life-cycle management for physical and virtual servers.
16. The Solution should employ role-level access control with the ability to centrally manage roles and identities in an LDAP-based identity store.
17. The Solution should have the ability to manage virtual assets across the major virtualization platforms (Microsoft, VMware, Xen/KVM, UNIX VM).
18. The Solution should be able to dynamically allocate and balance computing capacity across collections of hardware resources aggregated into one unified resource pool, with optional control over the movement of virtual machines, such as restricting VMs to run on selected physical hosts.
19. The Solution should have Show-Back (to check usage patterns and reporting for the user department), and the same solution should have Charge-Back capability.
20. The Solution should offer usage reports by tenant, by region, or by virtual and physical server machine, reporting memory, CPU and disk consumption.
21. The Solution should allow users to schedule a service creation request for a future date/time; the Solution should check whether a request scheduled for a future time can be fulfilled, and either reject the request in case of a projected resource shortage or accept the request and reserve the resources for it.
22. The Solution should have a web-based interface for administration.
23. The Solution should have the ability to generate customized reports as well as the native ability to export to common formats.
24. Whenever the Charge-Back mechanism is enabled, the Solution must satisfy the following requirements: it should support different cost models, such as allocated or reserved cost per virtual machine, and should also allow tracking of resource usage; it should have the ability to charge differently for different levels of service; and it should support cost calculation for shared/multi-tenant applications.
25. The Solution should provide a service catalog with capabilities for service offering design and lifecycle management, and a self-service portal for users to order and manage services.

Capacity Management
1. The Solution should be able to determine how many more physical and virtual machines can fit in the environment.
2. The Solution should identify idle and underutilized capacity to provide inputs to the capacity management function, so that informed decisions can be taken.
3. The Solution should support identifying and determining the optimum sizing and placement of virtual and physical machines.
4. The Solution should provide forecast reports demonstrating the forecasted utilization of the entire solution.
5. The Solution should support all of the following modeling scenarios: Physical to Virtual, Virtual to Virtual and Virtual to Physical.
6. The Solution should provide a mechanism to automatically assess high volumes of workloads and determine optimal placement on virtual machines across the enterprise's shared resource pools. The cloud solution should tightly integrate with the FC SAN solution provided in the storage section to leverage high-performance shared storage for greater manageability, flexibility and availability of cloud services. It should also be able to integrate with the offered storage and virtualization solution.
7. The Solution should be able to utilize the existing investment in tools/functionality available from leading vendors and extend these to the physical and virtual environments as well.

Automation, Orchestration and Monitoring

Process Automation
1. The Solution should demonstrate a way to comprehensively model cloud datacenter processes end to end across multiple vendors' software and hardware, thus enforcing operational best practices and procedures.

Integration Capabilities
1. The orchestration solution should be open and interoperable and should have rich integration capabilities that support interfaces from a command line interface and web services.
2. The Solution should provide resource-level operations across compute resources (IBM, Cisco, HP, Dell, Oracle and/or other hardware), hypervisors (VMware, Xen/KVM, Hyper-V), storage resources (EMC, NetApp, IBM, HP, Oracle) and network resources (3Com, Cisco, Juniper).
It should support provisioning for multiple platforms including Windows, Linux, & ESX, HyperV on x86 (32 and 64 bit) and UNIX on RISC/EPIC environment 3 The Solution should provide capability for orchestrating tasks across systems for consistent, documented, compliant activity 4 The Solution should possess capabilities to extent resource & cloud fabric management onto other Private Clouds or public cloud 5 The Solution should be able to move identified workloads to another private cloud or public cloud 6 The Solution should be able to audit and monitor execution of processes and report on violations against the same 7 The various participating HW & SW components in the Data Center process as modeled by the solution should be easily manageable by this Orchestration layer Page 37 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 8 The Solution should provide a set of adapters that should be able to utilize existing infrastructure elements and IT service management tools to provide smooth, precise orchestration of automated processes 9 The Solution should be able to accelerate adequate utilization of subsystems (not limited to but including) the backup solution, the service manager/helpdesk module, the operations modules, the virtual asset provisioning modules etc Monitoring Capabilities 1 The Solution should be able to monitor User Department Virtual Resources independent of the platform & solution/service they are running 2 The Solution should be able to monitor key performance characteristics of the virtual resource (Processes, OS, Memory, Storage, Network etc.) 
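The scheduling and capacity rules in self-service item 21 and Capacity Management items 1 and 2 above can be checked with a small reservation model. The Python below is an added example written for this checklist, not code from the report, BCC, EY or any cloud product. The pool sizes, tenant names and request windows are constructed, and the acceptance rule (a request is reserved only if, together with everything already reserved, it fits the pool at every instant of its window) is an assumption about how such a check is implemented.

```python
"""Future-dated service requests with capacity reservation (added example).

Models the behaviour described by self-service item 21 (accept a
future-dated request and reserve resources, or reject it on projected
shortage) and Capacity Management item 1 (how many more machines fit).
Pool sizes, tenants and windows are constructed sample values.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Reservation:
    tenant: str
    start: datetime
    end: datetime
    vcpu: int
    mem_gb: int


@dataclass
class ResourcePool:
    """A unified resource pool with fixed capacity and time-bounded reservations."""
    vcpu_capacity: int
    mem_gb_capacity: int
    reservations: list = field(default_factory=list)

    def projected_usage(self, start, end):
        """Peak vCPU and memory already committed anywhere inside [start, end).

        Committed usage only rises at a reservation's start, so checking the
        window start and every reservation start inside the window finds the peak.
        """
        points = {start} | {r.start for r in self.reservations if start <= r.start < end}
        peak_vcpu = peak_mem = 0
        for t in points:
            active = [r for r in self.reservations if r.start <= t < r.end]
            peak_vcpu = max(peak_vcpu, sum(r.vcpu for r in active))
            peak_mem = max(peak_mem, sum(r.mem_gb for r in active))
        return peak_vcpu, peak_mem

    def schedule(self, tenant, start, end, vcpu, mem_gb):
        """Reserve the request if it fits for its whole window, otherwise reject it."""
        if end <= start or vcpu <= 0 or mem_gb <= 0:
            return False, "invalid request window or size"
        used_vcpu, used_mem = self.projected_usage(start, end)
        if used_vcpu + vcpu > self.vcpu_capacity:
            return False, f"projected vCPU shortage: {used_vcpu}+{vcpu} > {self.vcpu_capacity}"
        if used_mem + mem_gb > self.mem_gb_capacity:
            return False, f"projected memory shortage: {used_mem}+{mem_gb} > {self.mem_gb_capacity}"
        self.reservations.append(Reservation(tenant, start, end, vcpu, mem_gb))
        return True, "reserved"

    def machines_that_fit(self, start, end, vcpu, mem_gb):
        """Capacity Management item 1: how many more machines of this shape fit in the window."""
        used_vcpu, used_mem = self.projected_usage(start, end)
        return min((self.vcpu_capacity - used_vcpu) // vcpu,
                   (self.mem_gb_capacity - used_mem) // mem_gb)


def demo():
    """Constructed scenario: two departments booking a 64 vCPU / 256 GB pool.

    Returns the accept/reject outcome of each request and how many
    4 vCPU / 16 GB machines still fit in the first hour.
    """
    pool = ResourcePool(vcpu_capacity=64, mem_gb_capacity=256)
    t0 = datetime(2016, 1, 15, 9, 0)
    h = timedelta(hours=1)
    results = [
        pool.schedule("dept-A", t0, t0 + 4 * h, vcpu=40, mem_gb=160),            # fits
        pool.schedule("dept-B", t0 + 2 * h, t0 + 6 * h, vcpu=30, mem_gb=64),     # overlaps A: 70 vCPU > 64
        pool.schedule("dept-B", t0 + 4 * h, t0 + 6 * h, vcpu=30, mem_gb=64),     # after A releases: fits
    ]
    return [ok for ok, _ in results], pool.machines_that_fit(t0, t0 + h, 4, 16)


if __name__ == "__main__":
    print(demo())
```

The rejected second request shows the "projected shortage" branch of item 21: dept-B's window overlaps dept-A's reservation, so the check is made against future commitments rather than current utilization.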
3. The Solution should give the User Department the ability to select performance counters and the duration for which they want to view the performance data.
4. The Solution should have a mechanism to store historical data for problem diagnosis, trend and analysis.
5. The Service level dashboard provided with the Solution should have a web-based interface.
6. The Solution should be able to send reports through e-mail and also SMS to predefined users at pre-defined intervals.
7. The Solution should be able to provide integration with the existing helpdesk system for incidents in Data Centers.
8. The system should not be an end of life / end of service product.
9. Updates and upgrades for a minimum of three years should be factored in.

6. Virtualization
Sr no | Specifications
1. Virtualization software shall provide a virtualization layer that sits directly on the bare-metal server hardware with no dependence on a general-purpose OS, for greater reliability and security.
2. Virtualization software shall integrate with NAS, FC, FCoE and iSCSI SAN and infrastructure from leading vendors, leveraging high-performance shared storage to centralize virtual machine file storage for greater manageability, flexibility and availability.
3. Virtualization software shall allow heterogeneous support for guest operating systems such as Windows client, Windows Server, Linux (at least Red Hat, SUSE, Ubuntu and CentOS) and Solaris x86.
4. Virtualization software should have storage-defining capability according to requirement, which will enable rapid and intelligent deployment & placement of virtual machines based on SLA, availability, performance or other requirements and the provided storage capabilities.
5. Virtualization software shall be able to dynamically allocate and balance computing capacity across collections of hardware resources aggregated into one unified resource pool, with optional control over movement of virtual machines such as restricting VMs to run on selected physical hosts.
6. Virtualization software should support connecting smart card readers to multiple virtual machines, which can then be used for smart card authentication to virtual machines.
7. Virtualization software should provide smart virtual machine disk placement and load balancing mechanisms based on I/O and space capacity, which will help decrease the operational effort associated with provisioning virtual machines and monitoring the storage environment.
8. Virtualization software should have the provision to provide zero downtime, zero data loss and continuous availability for the applications running in virtual machines in the event of physical host failure, without the cost and complexity of traditional hardware or software clustering solutions.
9. It should provide QoS capabilities for storage I/O in the form of I/O shares and limits that are enforced across all virtual machines accessing a storage, regardless of which host they are running on. Storage I/O Control should be used to ensure that the most important virtual machines get adequate I/O resources even in times of congestion. The feature should be available for FC, iSCSI and NFS storage datastores.
10. Virtualization software should provide network traffic-management controls to allow flexible partitioning of physical NIC bandwidth between different network-traffic types, allow user-defined network resource pools enabling multi-tenancy deployment, and bridge virtual and physical infrastructure QoS with per-resource-pool 802.1 tagging.
11. Allow virtual machines to directly access physical network and storage I/O devices, enhancing CPU efficiency in handling workloads that require constant and frequent access to I/O devices.
12. The virtualization software should provide simple and cost-effective backup and recovery for virtual machines, which should allow admins to back up virtual machine data to disk without the need for agents; this backup solution should have built-in variable-length deduplication capability.
13. The virtualization software should provide in-built replication capability which will enable efficient array-agnostic replication of virtual machine data over the LAN or WAN. This replication should simplify management by enabling replication at the virtual machine level and enabling RPOs as low as 15 minutes.
14. The solution should support enforcing security for virtual machines at the Ethernet layer: disallow promiscuous mode, sniffing of network traffic, MAC address changes and forged source MAC transmits.
15. It should include proactive smart alerts with self-learning performance analytics capabilities.
16. The solution should provide a framework that will enable the virtualization and management of local Flash-based devices on the physical host, providing an increase in read performance. This Flash Read Cache technology will enable the pooling of multiple Flash-based devices into a single consumable file system.
17. The solution should provide an in-built enhanced host-level packet capture tool which will provide functionalities such as SPAN, RSPAN and ERSPAN and will capture traffic at uplink, virtual switch port and virtual NIC level. It should also be able to capture dropped packets and trace the path of a packet with time stamp details.
18. The solution should provide a Latency Sensitivity setting in a VM that can be tuned to help reduce virtual machine latency. When the Latency Sensitivity is set to high, the hypervisor will try to reduce latency in the virtual machine by reserving memory, dedicating CPU cores and disabling network features that are prone to high latency.
19. The management software should provide means to perform quick, as-needed deployment of additional hypervisor hosts. This automatic deployment should be able to push out updated images, eliminating patching and the need to schedule patch windows.
20. Virtualization management software console shall provide interactive topology maps to visualize the relationships between physical servers, virtual machines, networks and storage. It should also generate automated notifications and alerts, and be able to trigger automated workflows to remedy and pre-empt problems.
21. Should provide integration of 3rd party endpoint security to secure the virtual machines with offloaded antivirus and antimalware solutions without the need for agents inside the virtual machines.
22. Support OEM to be able to provide direct support.
23. Virtualization Management Software should have been in Gartner's Magic Quadrant for at least the last 3 years.
24. The system should not be an end of life / end of service product.
25. Updates and upgrades for a minimum of three years should be factored in.

7. Enterprise management system
Sr no | Minimum Requirement Specifications
1. The Enterprise Management System should provide for end-to-end performance, availability, fault and event and impact management for all enterprise resources, encompassing the heterogeneous networks, systems, applications, databases and client infrastructure present in the enterprise.
2. The solution provider should be in the Magic Quadrant of Gartner.
3. The Service Management solution to be used for incident and problem management, Inventory & Asset management, Knowledge Management, Service Request Management, Self Service, Service level management & Helpdesk management should be built on the same application platform and leverage the same common Configuration Management Database (CMDB) with a unified architecture. The same platform should be used across all modules.
4. The service automation solution should provide a unified solution supporting provisioning, configuration management and compliance assurance across servers, networks and applications.
5. The solution should provide for future scalability of the whole system without major architectural changes.
6. The solution should be distributed and scalable and open to third-party integration.
7. The solution should be able to monitor all the IT assets of the organization across all locations spread across the state, including servers, storage, network & client-level IT assets such as laptops, desktops, printers, routers, switches, etc.
8. The solution should provide both agent-based and agentless monitoring in a single architecture, which will provide the organization with the flexibility to choose the level of management required and deploy the right-sized solution to meet those requirements.
9. The agent and agentless monitors should be able to collect & manage event/fault, performance and capacity data and should not require separate collectors.
10. The solution should reduce manual customization efforts and should speed up problem identification and resolution of IT performance anomalies with intelligent events.
11. The solution should accelerate problem isolation through accurate analysis of probable cause through end-to-end correlation.
12. The solution should have the capability to identify probable root cause using a variety of filtering and statistical correlation methods to determine their relevance to the issue being researched.
13. The solution should possess self-learning capabilities to virtually eliminate the effort of manual threshold, rule and script maintenance.
14. The solution should be able to generate dynamic performance baselines and continuously update and refine these normal operational bands by automatically adapting to changes in the enterprise infrastructure.
15. The solution should have the capability to perform automated dynamic threshold management.
16. The solution should have predictive analytics and intelligence built in so as to detect any anomaly before it could potentially hit the threshold, thereby giving users enough lead time to resolve the issue before the threshold is breached.
17. The solution should carry out automated probable cause analysis by picking up feeds from every infrastructure component being monitored and automating the correlation of these alarms/events to point out the probable cause of an infrastructure error.
18. The solution should carry out probable cause analysis, thereby helping operators to identify the root cause without having to write complex correlation rules.
19. Should be configurable to suppress events for key systems/devices that are down for routine maintenance or planned outage.
20. Should be able to monitor on user-defined thresholds for warning/critical states and have a mechanism for escalating these events to the event console of the enterprise management system and raising various kinds of alerts such as email, SMS, etc.
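Items 14 to 16 above describe dynamic baselines and prediction of a threshold breach before it happens. The Python below is an added example of one way to implement them, not code from the report or from any EMS product. The rolling mean and standard deviation band, the least-squares trend projection and the constructed CPU sample stream are all assumptions made for the illustration.

```python
"""Dynamic baseline, anomaly and predicted-threshold-breach detection (added example).

Illustrates EMS items 14 to 16: the normal operating band is a rolling
mean +/- k standard deviations of the recent window, and the breach
forecast fits a least-squares line through that window and projects
when it crosses the static threshold. All sample values are constructed.
"""
from statistics import mean, pstdev

# Constructed CPU-utilisation stream (percent, one sample every 5 minutes):
# a steady baseline, one isolated spike, then a sustained ramp towards 90%.
SAMPLES = [40, 41, 39, 40, 42, 40, 41, 39, 40, 41, 40, 40] + [70] + list(range(44, 93, 4))


def baseline_band(history, k=3.0):
    """Normal operating band (low, high) derived from the recent history window."""
    mu = mean(history)
    sigma = pstdev(history)
    return mu - k * sigma, mu + k * sigma


def minutes_to_breach(history, threshold, step_minutes=5):
    """Project the least-squares trend of the window onto the static threshold.

    Returns the estimated minutes until the threshold is reached, 0.0 when the
    last sample is already at or above it, and None when the metric is flat
    or trending away from it.
    """
    n = len(history)
    xs = range(n)
    x_mean = (n - 1) / 2
    y_mean = mean(history)
    sxx = sum((x - x_mean) ** 2 for x in xs)
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in zip(xs, history))
    slope = sxy / sxx if sxx else 0.0          # units per sample step
    if slope <= 0:
        return None
    remaining = threshold - history[-1]
    if remaining <= 0:
        return 0.0
    return (remaining / slope) * step_minutes


def evaluate(samples, threshold, window=12, k=3.0, lead_time_minutes=60):
    """Slide the window over the stream and emit (index, kind, value) events.

    kinds: "anomaly" (outside the dynamic band), "predicted_breach" (trend
    reaches the threshold within the lead time) and "threshold" (static breach).
    """
    events = []
    for i in range(window, len(samples)):
        history = samples[i - window:i]
        value = samples[i]
        low, high = baseline_band(history, k)
        if value > high or value < low:
            events.append((i, "anomaly", value))
        eta = minutes_to_breach(history + [value], threshold)
        if eta is not None and 0 < eta <= lead_time_minutes:
            events.append((i, "predicted_breach", round(eta)))
        if value >= threshold:
            events.append((i, "threshold", value))
    return events


if __name__ == "__main__":
    for event in evaluate(SAMPLES, threshold=90):
        print(event)
```

On the constructed stream the spike at sample 12 is reported as an anomaly while still far below the 90% threshold, and the ramp produces "predicted_breach" events several samples before the static threshold event, which is the lead time item 16 asks for.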
21. The solution should provide a mechanism for creation of a knowledge base and provision the same to end users, with the ability to search for known errors in the knowledge base.
22. The solution should be able to score events and display the highest-impacting events in descending order or any other order customized by the administrator.
23. The Solution should offer the ability to monitor any custom/home-grown applications for which the monitoring areas have been defined.
24. The solution should be extensible enough to support capacity planning and optimization with data collected through the deployed performance management agent or from agentless data collectors.
25. Should be able to monitor/manage large heterogeneous systems environments continuously.
26. Should be able to monitor & manage distributed & heterogeneous systems (both 32 bit & 64 bit) - Windows, UNIX & Linux, including various market-leading virtual platforms such as VMware, Microsoft HyperV, etc.
27. Database Monitoring: The solution should be able to monitor all the market-leading database solutions including but not limited to MS SQL, Oracle, MySQL, Postgres, etc.
28. The Database monitoring should seamlessly integrate with the same EMS Dashboard/Portal and provide integration with the central event console.
29. The tool should provide the organization with the ability to easily collect and analyze specific information on applications & databases.
30. Servers: Should be able to monitor the server instances, database and instance status, initialization parameters, CPU usage, parallel processing and SQL tracing.
31. Should be able to monitor performance statistics reported as timings and throughput values for operations such as reads, writes and recursive calls.
32. Should be able to monitor statistics reported as averages and percentages for items such as data cache hits, queue waits, disk sorts and rollbacks.
33. Sessions: Should be able to monitor types and numbers of sessions, session status, session details and SQL text.
34. System Global Area: Should be able to monitor usage and free space for the SGA and the library, dictionary and data caches.
35. The Network Management function must monitor performance across heterogeneous networks having multiple categories of devices such as routers, switches, etc. across the organization, including the data center, DR site, near DR site & remote offices.
36. It should proactively analyze problems to improve network performance.
37. The Network Management function should create a graphical display of all discovered resources.
38. The Network Management function should have an extensive reporting facility, providing the ability to format and present data in graphical and tabular displays.
39. The Discovery solution should do a complete discovery of the IT environment across distributed, virtual and heterogeneous environments and provide a clear visual mapping of IT infrastructure to business services.
40. Should support discovery of physical, virtual, network, application, storage and remote infrastructure spread across multiple
41. The solution should support complete agentless discovery, requiring no software to be installed on the devices to be discovered.
42. Should automatically map IT infrastructure to business services.
43. Should support continuous updates of configuration & dependency data to the CMDB.
44. The discovery data should contain all the details of the discovery process, including where it came from and what method was used to retrieve it.
45. Should support troubleshooting and diagnostics for any discovery scan failures.
46. Business owners should be able to graphically view the health of the various IT assets & services.
47. Business owners should have a clear view of the extent of impact to their business and, if need be, the reason behind the impact for any incident, planned or unplanned.
48. The IT organization should be able to view their incident tickets by business service and the impact of the same.
49. The solution should have the ability to display events in table, service, infrastructure and tree views at multiple levels. It should provide each user with the ability to select or view the events as per their convenience.
50. Should monitor various operating system parameters such as processors, memory, files, processes, file systems, etc., where applicable, using agent/agentless monitoring on the servers to be monitored.
51. Provide performance threshold configuration for all agents from a central GUI-based console that provides a common look and feel across the various platforms in the enterprise. These agents could then dynamically reconfigure their performance monitors to use the threshold profiles they receive.
52. The Solution displays the complete process flow for Incident, Problem, Change and Release Management.
53. The solution should have a Service Management Process Model built in, based on ITIL v3 best practices.
54. At each stage in the incident cycle, the system should prompt users on the status and the missing information that is required to complete the flow. The solution should have the capability to fill in missing information automatically as far as possible. In case any process step is missed, the system should intelligently identify the missing step and prompt users to complete that step before they move to the next step.
55. The solution should provide the helpdesk engineer with the ability to see the list of assets used by the end user. This list should be displayed within the ticket (incident, change, problem, etc.).
56. Should provide a relationship viewer to the helpdesk engineer from within the incident ticket for quick incident resolution. The relationship viewer should display the dependencies and impact relationships to other assets and users.
57. The solution should automatically provide solutions from the knowledge base to the helpdesk engineer.
58. The helpdesk engineer should be able to view the detailed configuration of a selected asset (for example: CPU, RAM, disk space, IP address, software installed, software used, etc.) for problem resolution.
59. The solution should allow administrators to customize it according to the need and the organizational policies.
60. The workflow must be able to raise notifications via email, SMS, alerts to the EMS dashboard, etc. and have provision to interface with other communication modes.
61. The solution should provide remote control of the asset by the Helpdesk Analyst for problem diagnosis.
62. Flexibility of logging incidents via various means - web interface, client interface, phone, auto-integration with EMS tools.
63. The Help Desk solution should allow detailed multiple levels/tiers of categorization of the type of incident being logged.
64. The Help Desk solution should provide classification to differentiate the criticality of the security incident via priority levels, severity levels and impact levels.
65. The solution should allow an SLA to be associated with a ticket based on priority, severity, incident type, requestor, asset, location or group, individually as well as collectively.
66. It should be possible for the helpdesk engineer to view the health of a selected asset from within the ticket raised or through the asset monitoring tools.
67. The health view should be consistent across platforms (Windows/Linux/Unix) whether viewed from within the ticket or through the asset monitoring tools.
68. Should support automatic assignment of tickets to the right skilled resource based on business priority. For example, for a database crash the issue need not be assigned to an L3 DBA unless the business service is completely down. The solution should allow the administrator to define the skilled resource matrix for correct allocation.
69. The asset causing the business failure and the business service that has failed should be automatically related to the ticket.
70. Should be able to provide consolidated views/reports across locations along with localized views/reports.
71. It should have an updateable knowledge base for technical analysis and to further help end-users search for solutions to previously solved issues. Should support full-text search capabilities.
72. The proposed solution shall provide comprehensive hardware and software discovery and store the configuration details in a single location.
73. The proposed solution shall allow automated delivery of software, patches and OS patches from a central location.
74. The proposed solution shall store inventory and configuration information with date stamps.
75. The Configuration Management Database should support multiple datasets with reconciliation facilities so as to get data from various discovery tools and also through a manual import process.
76. The system should not be an end of life / end of service product.
77. Updates and upgrades for a minimum of three years should be factored in.

8. Security Operations Center
Sr no | Specifications
1. The system shall be able to collect, aggregate, capture, process, categorize and filter event data, logs and alert messages in real time or near-real time.
2. Ability to perform event correlation, prioritization of events, sending alerts to administrators, and real-time and historical analysis with trend and ad-hoc reporting.
3. Ability to manage the SOC components from the centralized system.
4. Information transmitted between the SOC components in a distributed architecture solution must be encrypted.
5. The system shall be able to support caching/store-and-forward mode during the transfer of data for collection.
6. The system shall be capable of supporting common log delivery methods. These shall include e.g. Syslog, OPSEC, SDEE, SNMP, raw text files, ODBC/JDBC and XML files.
7. The system shall be able to capture and store 100% of the information in the original event data, logs and alert messages and normalize them into a common standard event schema for further analysis, troubleshooting and other data processing needs. It should also be feasible to send the raw logs.
8. The system shall support normalization of the logs so that there is a common schema across all device sources.
9. The system shall support categorization by providing an intuitive categorization taxonomy, so as to ensure that end users do not have to know or understand the source devices' specific event terminology/syntax.
10. The system shall allow bandwidth management, i.e. rate limiting at the log collector level, or provide a store-and-forward solution at each distributed centre so as to minimize disruption to the Enterprise's network bandwidth utilization and availability.
11. Event data must be enhanced in a manner that allows all content developed (filters, dashboard displays, reports) to be vendor agnostic (i.e. a currently deployed technology can be replaced with a similar technology without having to modify existing content on the log management or SOC solution).
12. Ability to provide an intuitive user interface with features such as display of correlated events, drill-down to packet-level event details, simultaneous access to real-time, raw logs and historical events, and a customizable at-a-glance security view for administrators.
13. Ability to get information from the devices so that they can be categorized by criticality, etc.
14. Ability to support various correlation engines such as statistical, rule, vulnerability and susceptibility.
15. Ability to support easy-to-write correlation rules.
16. Ability to correlate events into incidents.
17. Ability to seamlessly integrate with the proposed EMS so that security events can be viewed or monitored by the administrators in their familiar views.
18. Ability for real-time monitoring and notification - notify analysts by their preferred method, including e-mail, SMS, etc.
19. Ability to provide scheduled report capabilities for automated report generation.
20. Ability to offer a bundle of various predefined reports in multiple formats, such as HTML, text, CSV, web and graphs, that are customizable to the needs.
21. Ability to provide comprehensive logging facilities to record event data from all sources.
22. Ability to prioritise events based on criticality ratings assigned to assets.
23. The vendor must collect and store log information in a manner that preserves litigation quality for use in legal proceedings without increasing storage requirements.
24. The vendor's end-to-end solution must collect, process and store event log information in a manner that complies with log management best practices. The solution should allow administrators to extract logs in raw format for a specific period, device type or an identified IP address. The logs should be stored in a format that ensures the security of the logs from any unauthorised modification.
25. The encryption algorithms and protocols used shall be widely accepted in the security community and not proprietary in nature. Encryption algorithm and protocol details should be provided.
26. The system shall have a robust and proven enterprise DBMS/RDBMS system.
27. The system shall support ease of use by offering unlimited drill-down capability down to the captured event data, logs or alert messages from the detected incident or threat.
28. Events can be displayed based on user preferences, and display templates can be sorted easily based on major fields such as event priority, event start time, end time, attacker IP, target IP, etc.
29. The system shall provide filter options, including the following, that can be applied to all fields in the captured events:
• =
• !=
• >
• AND
• OR
• NOT
• begins with
• ends with
• contains
• starts with specified substring
• ends with specified substring
30. The system shall provide a dynamic graphical representation of event relationships in real time, and group similar and/or related events with identical fields.
31. The system shall provide a user-friendly graphical user interface to create/edit/delete correlation rules without any scripting/programming involvement.
32. The system must be able to detect multi-step attacks, where the multi-step attack can be detected using correlation to join events spanning a session over time. The system must combine and relate values from multiple events, such as from an IDS and a firewall, to infer that the attack was perpetrated.
33. The system shall have the capability to add asset information including physical location, asset description, IP address, asset ownership, contact information, role of the server with regard to the business function, etc.
34. The system shall support role-based access control for different user groups to access different device information, views, filters and templates.
35. The system shall provide secure web access for different user groups to access reports and resources.
36. Predefined report templates should be available out of the box. However, customization of reporting should be available completely through the GUI and not charged separately.
37. The system shall provide the functionality to export reports in the following formats:
• PDF
• CSV
• HTML
• Flat file format
38. The system shall provide a report designer that allows users to customize the appearance of the report, such as adding the organization logo to the report, modifying the graphs, tables, grouping, sorting, etc.
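SOC items 7 to 9 (normalization into a common schema with a device-independent category taxonomy), 22 (prioritisation by asset criticality), 32 (joining events from a firewall, an IDS and a host over a session to infer a multi-step attack) and 33 (asset information) describe steps that only make sense together. The Python below is an added example of those steps working end to end, not code from the report or from any SIEM product. The log line formats, IP addresses, host names, the rule id 1:9000001:1 and the asset inventory are all constructed, and the detection rule (an IDS alert followed within ten minutes by a successful login from the same source to the same host) is an assumed example rule, not one the checklist prescribes.

```python
"""Normalize multi-source logs into one schema and correlate a multi-step attack.

Added example for SOC items 7-9, 22, 32 and 33. Every log line, address,
host name, rule id and asset record below is a constructed sample.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = 2016  # syslog lines carry no year; the constructed logs are from Jan 2016

# Constructed sample lines: a firewall accept, an IDS alert and a host login
# from the same external source to the same internal server, plus unrelated noise.
RAW_LOGS = [
    "Jan 15 09:00:01 fw01 kernel: ACCEPT SRC=203.0.113.5 DST=10.0.0.20 PROTO=TCP SPT=51512 DPT=22",
    "Jan 15 09:00:02 fw01 kernel: ACCEPT SRC=198.51.100.9 DST=10.0.0.30 PROTO=TCP SPT=40000 DPT=443",
    "01/15-09:00:40.000000 [**] [1:9000001:1] SAMPLE SSH brute force attempt [**] [Priority: 2] {TCP} 203.0.113.5:51512 -> 10.0.0.20:22",
    "Jan 15 09:02:10 srv20 sshd[2211]: Accepted password for admin from 203.0.113.5 port 51512 ssh2",
    "Jan 15 09:03:00 srv30 sshd[3100]: Accepted publickey for deploy from 10.0.0.50 port 50222 ssh2",
]

# Item 33: asset information (host name to IP) and item 22: criticality ratings (constructed).
ASSET_INVENTORY = {"srv20": "10.0.0.20", "srv30": "10.0.0.30"}
ASSET_CRITICALITY = {"10.0.0.20": "high", "10.0.0.30": "medium"}

FW_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) kernel: (?P<action>ACCEPT|DROP) "
                   r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=\w+ SPT=\d+ DPT=(?P<dport>\d+)")
IDS_RE = re.compile(r"^(?P<ts>\d\d/\d\d-[\d:.]+) \[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\] "
                    r".*?\{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")
AUTH_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: Accepted \w+ for "
                     r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+")


def normalize(line):
    """Map one raw line onto the common schema (items 7-9); None for unknown formats.

    The "category" field is the device-independent taxonomy an analyst filters on,
    so a replacement firewall or IDS only needs a new parser, not new content.
    """
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "device": m["host"], "category": "network/" + m["action"].lower(),
                "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"]), "raw": line}
    m = IDS_RE.match(line)
    if m:
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %m/%d-%H:%M:%S.%f")
        return {"ts": ts, "device": "ids", "category": "ids/alert", "src_ip": m["src"],
                "dst_ip": m["dst"], "dst_port": int(m["dport"]), "signature": m["msg"], "raw": line}
    m = AUTH_RE.match(line)
    if m:
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "device": m["host"], "category": "auth/success", "src_ip": m["src"],
                "dst_ip": ASSET_INVENTORY.get(m["host"]), "user": m["user"], "raw": line}
    return None


def correlate(lines, window=timedelta(minutes=10)):
    """Item 32: join events per (src_ip, dst_ip) session over time.

    Assumed example rule: an IDS alert followed within `window` by a successful
    login from the same source to the same host becomes one incident, whose
    priority comes from the target asset's criticality rating (item 22).
    """
    events = [e for e in (normalize(l) for l in lines) if e]
    sessions = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        sessions[(e["src_ip"], e["dst_ip"])].append(e)
    incidents = []
    for (src, dst), evs in sessions.items():
        alerts = [e for e in evs if e["category"] == "ids/alert"]
        logins = [e for e in evs if e["category"] == "auth/success"]
        for a in alerts:
            for l in logins:
                if a["ts"] <= l["ts"] <= a["ts"] + window:
                    incidents.append({
                        "src_ip": src, "dst_ip": dst, "user": l["user"],
                        "priority": ASSET_CRITICALITY.get(dst, "low"),
                        # The evidence chain, in the common taxonomy, for the analyst.
                        "steps": [e["category"] for e in evs if a["ts"] - window <= e["ts"] <= l["ts"]],
                    })
    return incidents


if __name__ == "__main__":
    for inc in correlate(RAW_LOGS):
        print(inc)
```

The unrelated firewall accept and the key-based login on srv30 fall into different sessions and produce nothing; only the source that triggered the IDS and then authenticated to the same server becomes an incident, and because 10.0.0.20 is rated "high" in the asset inventory the incident inherits that priority.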
39. The system shall provide real-time or near-real-time alerts for detected incidents.
40. The system shall integrate with SMS gateways and email systems to deliver the alerts.
41. The system shall allow the analyst to define the criticality level of the incident and the corresponding mode of alert.
42. The system shall provide the ability to trigger configurable email messages based on specific rules.
43. The system shall allow ownership of end devices to be defined so that alerts are sent to the individuals responsible for those devices.
44. The system shall have built-in case management that allows users to create/update a case upon receipt of events, for escalation to the correct support areas as part of the incident handling management process.
45. The solution must be able to integrate with third-party Enterprise Help Desk systems. Integration must support at a minimum: automated and manual incident creation, updating of existing incidents and synchronization of incident closure.
46. The solution must be able to interface with third-party forensic investigation tools such as EnCase, NetWitness and NikSun through seamless user actions.
47. The system shall allow the assigned officer to update the progress of the incident investigation, add comments to the assigned cases and accordingly close the cases.
48. The system shall allow users to create reports with common SQL constructs such as GROUP BY, ORDER BY, HAVING, etc.
49. The system shall provide automatic notification escalation for notifications which did not receive an acknowledgment during a specified time frame.
50. The system shall have a report scheduler to:
a. Select one or more reports to run in a scheduled job
b. Configure optional email recipients (optional)
c. Attach reports to emails (optional)
51. The system shall have the capability to allow creation of custom dashboards.
52. The system reporting module shall support the following visualizations:
a. Column Chart
b. Bar Chart
c. Line Chart
d. Pie Chart
e. Table
f. Scatter
g. Radar
h. Curve Area
53. The proposed solution should have been mentioned in Gartner's Leaders quadrant for the last three years.
54. The proposed solution must provide all updates and upgrades within the proposed solution license.
55. The system should not be an end of life / end of service product.
56. Updates and upgrades for a minimum of three years should be factored in.

9. Anti virus
Sr. No | Minimum Requirement Specifications
1. Should protect systems from virus attacks in real time without compromising the performance of the system, and work in a client-server mode.
2. Should be able to support 32-bit/64-bit environments in Windows, Linux, Sun Solaris and HP-UX.
3. Should be capable of detecting and cleaning virus-infected files as well as scanning ZIP and RAR compressed files, TAR archive files, etc.
4. Should support upgrade and update without taking the server off-line.
5 | Should use multiple scan engines during the scanning process
6 | Should have in-memory scanning so as to minimize disk I/O
7 | Should have multi-threaded scanning
8 | Should have scanning of nested compressed files
9 | Should have an anti-spam solution
10 | Should support various types of reporting formats such as CSV, HTML, text or PDF files
11 | Should be capable of being managed by a central management station
12 | Should be capable of protecting all the servers in the data centre
14 | Must have the capability to restore spyware/grayware if the spyware/grayware is deemed safe
15 | Must support sending logs to an external network device/log server
16 | Must support remote GUI management of the AV server
17 | Should support scanning of FTP traffic
18 | Should support web threat protection
19 | Should support true file-type scanning
20 | Should support behavioural/heuristic scanning
21 | Should support virtualisation platforms
22 | Should support host firewall and host intrusion detection/prevention system
23 | Should support excluding user-defined processes
24 | Should support host firewalls and host intrusion prevention/detection system
25 | Should have exclude-scan option support
26 | The system should not be an end of life / end of service product.
27 | Updates and upgrades for a minimum of three years should be factored in.

10. Router

10.1 Core Router

Sr. No. | Item | Minimum Requirement Description
ROU.REQ.001 | Functional Requirements | The router shall support 1:1 route processor/control processor redundancy, 1:1/1:N switch fabric and PSU redundancy, and 1:1 service module redundancy in case any service asked for in the RFP is delivered through a service module.
ROU.REQ.002 | Functional Requirements | The core router must be based on an architecture which does hardware-based forwarding and switching. The processing engine architecture must be multi-processor based for enhanced performance.
ROU.REQ.003 | Functional Requirements | The core router must have onboard support for intelligent traffic measurement and analysis. The router must support a flow-based traffic analysis feature.
ROU.REQ.004 | Functional Requirements | The router must have hardware-assisted Network Address Translation (NAT) capability as per RFC 1631.
ROU.REQ.005 | Hardware Architecture | Backplane Architecture: The backplane architecture of the router must be modular and redundant. The backplane bandwidth must have scalability to 10 Gbps. (The one highlighted in blue can be modified as per the requirements in line with the solution architecture.)
ROU.REQ.006 | Hardware Architecture | Number of Slots: The router must be chassis based with a minimum of 4 slots. (The one highlighted in blue can be modified as per the requirements in line with the solution architecture.)
ROU.REQ.007 | Hardware Architecture | The router must have a redundant power supply module. The router must support 220V AC or -48V DC power supply modules. There should not be any impact on the router performance in case one power supply fails.
ROU.REQ.008 | Hardware Architecture | The router processor architecture must be multi-processor based and should support hardware-accelerated, parallelized and programmable IP forwarding and switching.
ROU.REQ.009 | Hardware Architecture | In the event of failure of any one processor, the router should switch over to the redundant processor without dropping any traffic flow. There should not be any impact on performance in the event of active routing engine failure.
ROU.REQ.010 | Hardware Architecture | The router must support online hot insertion and removal of cards. Insertion of any line card should not call for a router reboot, nor should it disrupt the remaining unicast and multicast traffic flowing in any way.
ROU.REQ.011 | Hardware Architecture | The router must have support for flash memory for configuration and OS backup.
ROU.REQ.012 | Router Performance | Should support up to 18 Mpps of forwarding performance.
ROU.REQ.013 | Router Performance | The router solution must be carrier-grade equipment supporting the following: hitless interface protection, in-band and out-of-band management, software rollback feature, Graceful Restart for OSPF, BGP, LDP, MP-BGP, etc.
ROU.REQ.014 | Router Performance | The router should support uninterrupted forwarding operation for the OSPF and IS-IS routing protocols to ensure high availability during primary controller card failure.
ROU.REQ.015 | Physical Interface Support | The router line card must support the following interfaces as defined by the IEEE and ITU-T: Fast Ethernet - 10BaseT/100BaseT Ethernet as defined in IEEE 802.3; Gigabit Ethernet - 1000BaseSX, 1000BaseLX, 1000BaseZX as defined in IEEE 802.3.
ROU.REQ.016 | Physical Interface Support | The router should support channelized STM-1 interfaces to aggregate multiple E1 / sub-rate E1 circuits coming in from remote locations.
ROU.REQ.017 | Physical Interface Support | Support for 10 Gigabit Ethernet interfaces.
ROU.REQ.018 | Layer 3 Routing Protocols | The router must support the IPv4 and IPv6 stacks in hardware and software. It must support both IPv4 and IPv6 routing domains separately and concurrently. It must also support the ability to bridge between IPv4 and IPv6 routing domains.
ROU.REQ.019 | Layer 3 Routing Protocols | The router must support the RIPv1 & RIPv2, OSPF, BGPv4 and IS-IS routing protocols.
ROU.REQ.020 | IPv6 Support | Should be IPv6 compliant.
ROU.REQ.021 | IPv6 Support | Should support IPv6 static routes, OSPFv3, IS-IS support for IPv6, Multiprotocol BGP extensions for IPv6, and IPv6 route redistribution.
ROU.REQ.022 | IPv6 Support | The router shall support dual-stack IPv6 on all interfaces and IPv6 over IPv4 tunneling; IPv6 multicast protocols – IPv6 MLD, PIM-Sparse Mode and PIM-SSM; IPv6 security functions – ACL, IPv6 firewall, SSH over IPv6; MPLS support for IPv6 – IPv6 VPN over MPLS, Inter-AS options, IPv6 transport over MPLS.
ROU.REQ.023 | IPv6 Support | The router should support IPv6 multicast.
ROU.REQ.024 | IPv6 Support | Should support IPv6 Quality of Service.
ROU.REQ.025 | IPv6 Support | Should perform IPv6 transport over an IPv4 network (6to4 tunneling).
ROU.REQ.026 | IPv6 Support | Should support SNMP over IPv6 for management.
ROU.REQ.027 | Quality of Service | The router must be capable of doing Layer 3 classification and setting ToS/DiffServ bits on incoming traffic using configured guaranteed rates and traffic characteristics. The marking of the ToS/DiffServ bits should be non-performance impacting.
ROU.REQ.028 | Quality of Service | The scheduling mechanism must allow for expedited or strict priority routing for all high-priority traffic.
ROU.REQ.029 | Quality of Service | The scheduling mechanism must allow for alternate priority routing of traffic as necessary to keep from starving other priority queues.
ROU.REQ.030 | Quality of Service | The router must provide a facility to prioritize SNMP traffic.
ROU.REQ.031 | Multicast Support | The multicast implementation must support source-specific multicast.
ROU.REQ.032 | Multicast Support | The router must support IGMPv2 and IGMPv3.
ROU.REQ.033 | MPLS Feature | Should support all standard protocols.
ROU.REQ.034 | MPLS Feature | Multicast VPN (mVPN).
ROU.REQ.035 | Security Feature | Should support Access Control Lists at layers 2-4 in hardware. The access list parameters may be any combination of source and destination IP or subnet, protocol type (TCP/UDP/IP, etc.), and source and destination port. There should not be any impact on the router performance upon enabling access lists.
ROU.REQ.036 | Security Feature | The router should support multiple levels of access or role-based access mechanisms.
ROU.REQ.037 | Security Feature | Should support CPU rate limiting and control plane policing features to make sure the router is always available for management.
ROU.REQ.038 | Security Feature | The proposed router should support NAT performance of 10 Gbps and 4 Gbps of encryption from day one. The version of software for the supplied router should be the latest release to support all required features.
ROU.REQ.039 | Security Feature | The proposed router should have embedded support for 4000 IPsec tunnels from day one. The version of software for the supplied router should be the latest release to support all required features.
ROU.REQ.040 | Router Management Feature | Console Port: It should be possible to manage a particular system locally through the console port or through a telnet session over LAN/WAN.
ROU.REQ.041 | Router Management Feature | The router must support management through SNMPv1, v2 and v3.
ROU.REQ.042 | Router Management Feature | The router must support RADIUS and TACACS. The router must provide role-based access to the system for configuration and monitoring.
ROU.REQ.043 | Router Management Feature | The router must support Network Time Protocol (NTP) as per RFC 1305.
ROU.REQ.044 | Router Management Feature | The router must have DHCP server functionality so that it can be used to lease IP addresses to the end points of the local area network whenever required.
ROU.REQ.045 | Port requirement | Each core router should be provided with 8 x 1G ports and 2 x 10G ports from Day 1.
ROU.REQ.046 | Industry Standards & Certifications | The router should be minimum EAL / NDPP Applicable Protection Profile certified under the Common Criteria Evaluation Program.
ROU.REQ.047 | Support | The system should not be an end of life / end of service product.

11. Firewall

11.1 Internet router – firewall

Sr. No. | Item | Minimum Requirement Description
IR.REQ.001 | Architecture | The router should have a complete security suite, supporting IPSec, VPN, firewall (zone-based & stateful firewall), IPS and content filtering functionalities in a single box, along with full support for dynamic routing protocols. If any of the mentioned features cannot be provided in a single-box solution by a vendor, multiple boxes must be quoted to achieve these features from day one.
IR.REQ.002 | Interface Support | The router should have a minimum of 2 slots or more to accommodate a large variety of interfaces, & should support FE, GE (both Ethernet-based & fiber-based), Serial V.35 ports, G.703 ports, E1, channelized E1, etc.
IR.REQ.003 | Performance | 1. The router should support a minimum of 50 Mbps of WAN link termination with a minimum 150 kpps forwarding rate for both IPv4 & IPv6. 2. The router should support a minimum of 20 Mbps of WAN link termination with a minimum 300 kpps forwarding rate for both IPv4 & IPv6. 3. The router should support a minimum of 400 Mbps of WAN link termination with a minimum 600 kpps forwarding rate for both IPv4 & IPv6.
IR.REQ.004 | Layer 3 Protocol Support | The router shall have the following IPv4 Interior Gateway Protocols (IGP) – Static Route, Default Route, RIPv2, OSPFv2 and IS-IS, BGP4 – from day one. All necessary licenses, if any, are to be provided to enable Static Route, OSPFv3 and BGPv4 for IPv6. IP multicast routing protocols to facilitate applications such as streaming, webcast, command & control, etc. must be enabled from day one, along with PIM SM and MPLS features – LDP, etc.
IR.REQ.005 | Interface Requirements | 3 x 1 Gigabit Ethernet interfaces from day one, scalable up to a minimum of 5 GE ports.
IR.REQ.006 | Industry Standards & Certifications | The router should have minimum EAL3/EAL4/NDPP or above certification.
IR.REQ.007 | Compliance | The router should be IPv6 compliant.

11.2 Web application firewall

Sr. No. | Item | Minimum Requirement Description
WAF.REQ.001 | Web Application Firewall | The appliance-based solution should support inline bridge mode of deployment and should have a built-in bypass for both "fail-open" and "fail-close" mode.
WAF.REQ.002 | Web Application Firewall | The web application firewall should address the Open Web Application Security Project (OWASP) Top Ten security vulnerabilities, such as SQL Injection, Cross-Site Scripting (XSS), Broken Authentication and Session Management, and those listed in the NIST SP 800-95 guidelines.
WAF.REQ.003 | Web Application Firewall | The solution should prevent the following attacks (but not limited to):
  a) Brute force / DDoS
  b) Access to predictable resource locations
  c) Unauthorized navigation
  d) Web server reconnaissance
  e) HTTP request format and limitation violations (size, unknown method, etc.)
  f) Use of revoked or expired client certificates
  g) File upload violations.
WAF.REQ.04 | Web Application Firewall | Should have DLP capabilities to ensure privacy of sensitive data.
WAF.REQ.05 | Web Application Firewall | Should support positive and negative security models.
WAF.REQ.06 | Web Application Firewall | Should have the ability of caching, compression of web content and SSL acceleration.
WAF.REQ.07 | Web Application Firewall | Should have integrated SSL offloading capabilities; further, the solution should support SSL and/or TLS termination, or be positioned such that encrypted transmissions are decrypted before being inspected by the WAF.
WAF.REQ.08 | Web Application Firewall | Should have integrated basic server load balancing capabilities.
WAF.REQ.09 | Web Application Firewall | Should meet all applicable PCI DSS requirements pertaining to system components in the cardholder data environment, and should also monitor traffic carrying personal information.
WAF.REQ.10 | Web Application Firewall | Should have the ability to inspect web application output and respond (allow, block, mask and/or alert) based on the active policy or rules, and log the actions taken.
WAF.REQ.11 | Web Application Firewall | Should inspect both web page content, such as Hypertext Markup Language (HTML), Dynamic HTML (DHTML) and Cascading Style Sheets (CSS), and the underlying protocols that deliver content, such as Hypertext Transport Protocol (HTTP) and Hypertext Transport Protocol over SSL (HTTPS). (In addition to SSL, HTTPS includes Hypertext Transport Protocol over TLS.)
WAF.REQ.12 | Web Application Firewall | The WAF should support dynamic source IP blocking and should be able to block attacks based on the source IP.
WAF.REQ.13 | Web Application Firewall | Should inspect Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML), both document- and RPC-oriented models, in addition to HTTP (HTTP headers, form fields and the HTTP body).
WAF.REQ.14 | Web Application Firewall | Inspect any protocol (proprietary or standardized) or data construct (proprietary or standardized) that is used to transmit data to or from a web application, when such protocols or data are not otherwise inspected at another point in the message flow.
WAF.REQ.15 | Web Application Firewall | The WAF should support inline bridge or proxy mode of deployment.
WAF.REQ.16 | Web Application Firewall | The WAF should have an option to be configured in reverse proxy mode as well.
WAF.REQ.17 | Web Application Firewall | Actions taken by the WAF to prevent malicious activity should include the ability to drop requests and responses, block the TCP session, block the application user, or block the IP address.
WAF.REQ.18 | Web Application Firewall | Transactions with content matching known attack signatures and heuristics should be blocked.
WAF.REQ.19 | Web Application Firewall | The WAF database should include a preconfigured, comprehensive and accurate list of attack signatures.
WAF.REQ.20 | Web Application Firewall | The web application firewall should allow signatures to be modified or added by the administrator.
WAF.REQ.21 | Web Application Firewall | The web application firewall should support automatic updates (if required) to the signature database, ensuring complete protection against the latest application threats.
WAF.REQ.22 | Web Application Firewall | The WAF should be able to restrict the number of files in a request.
WAF.REQ.23 | Web Application Firewall | The WAF should support the following normalization methods:
WAF.REQ.24 | Web Application Firewall |
  a) URL-decoding (e.g. %XX)
  b) Null byte string termination
  c) Self-referencing paths (i.e. use of /./ and encoded equivalents)
  d) Path back-references (i.e. use of /../ and encoded equivalents)
  e) Mixed case
  f) Excessive use of whitespace
  g) Comment removal (e.g. convert DELETE/**/FROM to DELETE FROM)
  h) Conversion of (Windows-supported) backslash characters into forward slash characters
  i) Conversion of IIS-specific Unicode encoding (%uXXYY)
  j) Decoding of HTML entities (e.g. &#99;, &quot;, &#170;)
  k) Escaped characters (e.g. \t, \001, \xAA, \uAABB).
WAF.REQ.25 | Web Application Firewall | The WAF should support different policies for different application sections.
WAF.REQ.26 | Web Application Firewall | The web application firewall should automatically learn the web application structure and elements.
WAF.REQ.27 | Web Application Firewall | The web application firewall learning mode should be able to recognize application changes as and when they are made.
WAF.REQ.28 | Web Application Firewall | The WAF should have the ability to perform behavioral learning to examine traffic and highlight anomalies, and provide recommendations that can be turned into actions such as apply, change and apply, ignore, etc.
WAF.REQ.29 | Web Application Firewall | The web application firewall should support line-speed throughput and sub-millisecond latency so as not to impact web application performance.
WAF.REQ.30 | Web Application Firewall | For SSL-enabled web applications, the certificates and private/public key pairs for the web servers being protected need to be uploadable to the web application firewall.
WAF.REQ.31 | Web Application Firewall | The web application firewall should have "anti-automation" protection which can block automated attacks that use hacking tools, scripts, frameworks, etc.
WAF.REQ.32 | Web Application Firewall | The web application firewall should have an out-of-band management port.
WAF.REQ.33 | Web Application Firewall | The web application firewall should support web-based centralized management and reporting for multiple appliances.
WAF.REQ.34 | Web Application Firewall | The bidder should be able to deploy the web application firewall and remove it from the network with minimal impact on the existing web applications or the network architecture.
WAF.REQ.35 | Web Application Firewall | The web application firewall should be able to integrate with web application vulnerability assessment tools (web application scanners).
WAF.REQ.36 | Web Application Firewall | The WAF should be able to integrate with the existing/proposed SIEM solution.
WAF.REQ.37 | Web Application Firewall | The web application firewall should be able to generate custom or predefined graphical reports on demand or on a schedule.
WAF.REQ.38 | Web Application Firewall | The web application firewall should provide a high-level dashboard of system status and web activity.
WAF.REQ.039 | Web Application Firewall | Should be able to generate comprehensive event reports with filters:
  a. Date or time ranges
  b. IP address ranges
  c. Types of incidents
  d. Geo-location of attack source
  e. Other (please specify).
WAF.REQ.040 | Web Application Firewall | The following report formats are deemed of relevance: Word, RTF, HTML, PDF, XML, etc.
WAF.REQ.041 | Web Application Firewall | A unique transaction ID should be assigned to every HTTP transaction (a transaction being a request and response pair), and included with every log message.
WAF.REQ.042 | Web Application Firewall | Access logs can be periodically uploaded to the logging server (e.g. via FTP, SFTP, WebDAV or SCP).
WAF.REQ.043 | Web Application Firewall | The web application firewall should provide notifications through email, syslog, SNMP trap, notification via HTTP(S) push, etc.
WAF.REQ.044 | Web Application Firewall | The WAF should be able to log full session data once a suspicious transaction is detected.
WAF.REQ.045 | Web Application Firewall | It should be simple to relax automatically-built policies.
WAF.REQ.046 | Web Application Firewall | The solution should allow the admin to manually accept false positives.
WAF.REQ.047 | Web Application Firewall | Should be able to recognize trusted hosts.
WAF.REQ.048 | Web Application Firewall | The WAF in passive mode should be able to show the impact of rule changes as if they were actively enforced.
WAF.REQ.049 | Web Application Firewall | The solution should be capable of performing, or integrating with third-party vulnerability scanners to provide, virtual patching capabilities.
WAF.REQ.050 | Web Application Firewall | Should support clustered deployment of multiple WAFs sharing the same policy.
WAF.REQ.051 | Web Application Firewall | The solution should support virtual environments.
WAF.REQ.052 | Web Application Firewall | The solution should support all operating systems and their versions, including but not limited to Windows, AIX, Unix, Linux, Solaris and HP Unix.
WAF.REQ.053 | Web Application Firewall | The solution should have the capability of load balancing between the applications in an active–active environment.
WAF.REQ.054 | Web Application Firewall | The web application firewall should support authentication with LDAP and RADIUS servers.
WAF.REQ.055 | Web Application Firewall | The solution should allow commands like ping, traceroute, telnet, wget and nslookup from the WAF for troubleshooting network-related issues.
WAF.REQ.056 | Web Application Firewall | The solution should have an option to configure NTP server details.
WAF.REQ.057 | Web Application Firewall | The OEM should provision 24*7 service support for the web application firewall.
WAF.REQ.058 | Web Application Firewall | The solution should have a network routing feature.
WAF.REQ.059 | Web Application Firewall | In case of an RMA process, define the number of days to deliver the solution.
WAF.REQ.060 | Web Application Firewall | Should support both IPv4 and IPv6.

11.3 Next Generation Firewall

Sr. No. | Item | Minimum Requirement Description
NGF.REQ.001 | Next Generation Firewall | Industry Certifications and Evaluations
NGF.REQ.002 | Next Generation Firewall | The firewall appliance should have Common Criteria EAL4+/NDPP/ICSA certification. (The one highlighted in blue can be modified as per the requirements in line with the solution architecture.)
NGF.REQ.003 | Next Generation Firewall | Hardware Architecture
NGF.REQ.004 | Next Generation Firewall | The appliance-based security platform should be capable of providing firewall, URL filtering, application control and VPN (both IPSec and SSL) functionality in a single appliance from day one.
NGF.REQ.005 | Next Generation Firewall | The SSL VPN gateway should have host scan capability to gather information and to control which hosts are allowed to create a remote access connection to the VPN security appliance, based on a pre-login policy for evaluating the host operating system, antivirus and anti-spyware.
NGF.REQ.006 | Next Generation Firewall | Should support a minimum of 100 SSL VPN concurrent users with a scalability option.
NGF.REQ.007 | Next Generation Firewall | The appliance should support at least 8 10/100/1000 ports from day one.
NGF.REQ.008 | Next Generation Firewall | The firewall should support dual stack (IPv4 and IPv6) for all features.
NGF.REQ.009 | Next Generation Firewall | The firewall should support IPv4 & IPv6 static routing, RIP, OSPF v2 & v3 and BGP.
NGF.REQ.010 | Next Generation Firewall | Performance & Scalability
NGF.REQ.011 | Next Generation Firewall | The firewall should support at least 1000 Mbps with all modules enabled (firewall, URL filtering, application control and VPN).
NGF.REQ.012 | Next Generation Firewall | The firewall should support at least 5,00,000 concurrent sessions.
NGF.REQ.013 | Next Generation Firewall | The firewall should support at least 20,000 new connections per second.
NGF.REQ.014 | Next Generation Firewall | The firewall should support at least 200 VLANs.
NGF.REQ.015 | Next Generation Firewall | The firewall should have support for at least 3 virtual firewalls.
NGF.REQ.016 | Next Generation Firewall | Firewall Features
NGF.REQ.017 | Next Generation Firewall | Should be a stateful packet inspection firewall.
NGF.REQ.018 | Next Generation Firewall | The firewall module should support security policies (firewall rules) based on: IP address; network subnet; protocol (TCP, UDP, ICMP, etc.); services; user-group.
NGF.REQ.019 | Next Generation Firewall | The firewall should provide application inspection for DNS, FTP, HTTP, SMTP, ESMTP, LDAP, MGCP, RTSP, SIP, SCCP, SQLNET, TFTP, H.323 and SNMP.
NGF.REQ.020 | Next Generation Firewall | The firewall should support creating access rules with IPv4 & IPv6 objects simultaneously, e.g. IPv4 source & IPv6 destination.
NGF.REQ.021 | Next Generation Firewall | The firewall should support operating in routed & transparent mode. It should be able to set the mode independently for each context in multi-context mode.
NGF.REQ.022 | Next Generation Firewall | In transparent mode the firewall should support ARP inspection to prevent spoofing at Layer 2.
NGF.REQ.023 | Next Generation Firewall | The firewall should support DoS protection functionalities such as TCP intercept / TCP SYN cookie protection, dead connection detection / TCP sequence randomization, and TCP normalization to clear TCP packets of anomalies (clearing or allowing selective TCP options, reserved bits and urgent flags) and to provide TTL evasion protection.
NGF.REQ.024 | Next Generation Firewall | Should support routing protocols such as static, RIP, OSPF v2 & v3 and BGP.
NGF.REQ.025 | Next Generation Firewall | The firewall should support static NAT, PAT, dynamic NAT & destination-based NAT.
NGF.REQ.026 | Next Generation Firewall | The firewall should support NAT66 (IPv6-to-IPv6), NAT64 (IPv6-to-IPv4) & NAT46 (IPv4-to-IPv6) functionality.
NGF.REQ.027 | Next Generation Firewall | High-Availability Features
NGF.REQ.028 | Next Generation Firewall | The firewall should support stateful failover of sessions in Active/Standby and Active/Active mode, and have an internal redundant power supply.
NGF.REQ.029 | Next Generation Firewall | Should support non-stop forwarding in HA.
NGF.REQ.030 | Next Generation Firewall | Management
NGF.REQ.031 | Next Generation Firewall | The management platform should be accessible via a web-based interface or a console-based interface. The management platform must be part of the firewall and should always be accessible, irrespective of the load on the firewall.
NGF.REQ.032 | Next Generation Firewall | The management platform should provide a dashboard for management purposes and should have role-based logging capabilities.
NGF.REQ.033 | Next Generation Firewall | The management platform should be capable of role-based administration, enabling different sets of views and configuration capabilities for different administrators subsequent to their authentication.
NGF.REQ.034 | Next Generation Firewall | The device should allow access logs to be sent to an external log server.
NGF.REQ.035 | Next Generation Firewall | The device should support at least 40 different URL categories and 1000 applications.

12. Intrusion prevention system

12.1 Network Intrusion Prevention System

Sr. No. | Item | Minimum Requirement Description
NIPS.REQ.001 | Network Intrusion Prevention System | Platform Requirement
NIPS.REQ.002 | Network Intrusion Prevention System | The device should be a purpose-built dedicated appliance (not a subset of a firewall or UTM appliance).
NIPS.REQ.003 | Network Intrusion Prevention System | The device should operate in transparent (bridge) mode.
NIPS.REQ.004 | Network Intrusion Prevention System | The device should have a separate dedicated interface for management.
Prevention System
NIPS.REQ.005 | Network Intrusion Prevention System | The device should have external / internal Redundant Power Supply (RPS).
NIPS.REQ.006 | Network Intrusion Prevention System | L2
NIPS.REQ.007 | Network Intrusion Prevention System | The device should perform traffic inspection based on:
    a) Signatures
    b) Protocol anomaly
    c) Behavior anomaly
    d) Reputation
NIPS.REQ.008 | Network Intrusion Prevention System | The device should accurately detect the following attack categories:
    a) Unauthorized access attempts
    b) Pre-attack probes
    c) DoS
    d) Vulnerability exploitation
    e) Zero-day attacks
NIPS.REQ.009 | Network Intrusion Prevention System | The device should employ full seven-layer protocol analysis of over 100 internet protocols such as HTTP, FTP, SMTP, etc.
NIPS.REQ.010 | Network Intrusion Prevention System | The device should support more than 2500 signatures.
NIPS.REQ.011 | Network Intrusion Prevention System | The device should handle the following traffic:
    a) IPv6
    b) IPv4
    c) Asymmetric / symmetric traffic
NIPS.REQ.012 | Network Intrusion Prevention System | The device should support:
    a) Bi-directional inspection
    b) Detection of shell code
    c) Advanced evasion protection
NIPS.REQ.013 | Network Intrusion Prevention System | The device should have the ability to identify/block individual applications (e.g. Facebook or Skype) running on one protocol (e.g. HTTP or HTTPS).
NIPS.REQ.014 | Network Intrusion Prevention System | The device should identify SSL protocol based attacks.
NIPS.REQ.015 | Network Intrusion Prevention System | The device should have the ability to scan for malware within files such as PDF and MS Office documents.
NIPS.REQ.016 | Network Intrusion Prevention System | The device should be capable of providing network-based detection of malware by checking the disposition of known files in the cloud.
NIPS.REQ.017 | Network Intrusion Prevention System | The device should support protection against client-side attacks.
NIPS.REQ.018 | Network Intrusion Prevention System | The device should protect:
    Web applications
    Web 2.0
    Databases
NIPS.REQ.019 | Network Intrusion Prevention System | The device should support both IPv4 & IPv6 simultaneously (dual stack).
NIPS.REQ.020 | Network Intrusion Prevention System | The device should support botnet protection based on:
    a) Bot detection
    b) Command and control database
NIPS.REQ.021 | Network Intrusion Prevention System | The device should protect against DoS/DDoS attacks based on threshold-based detection.
NIPS.REQ.022 | Network Intrusion Prevention System | Performance:
    Should have a minimum inspected throughput of 1 Gbps for all kinds of traffic.
    Should support a minimum of 500,000 concurrent connections.
    Should have a dedicated 10/100/1000 RJ45 management interface.
    The device should have 8 10/100/1000 ports.
NIPS.REQ.023 | Network Intrusion Prevention System | Reporting and Alerting
NIPS.REQ.024 | Network Intrusion Prevention System | The management platform should provide robust reporting capabilities, including a selection of pre-defined reports and the ability for complete customization and generation of new reports.
NIPS.REQ.025 | Network Intrusion Prevention System | Availability
NIPS.REQ.026 | Network Intrusion Prevention System | Sensors should support built-in fail-closed and fail-open operation; in fail-open mode, communications traffic is still allowed to pass if the inline sensor goes down.
NIPS.REQ.027 | Network Intrusion Prevention System | Third-Party Integration
NIPS.REQ.028 | Network Intrusion Prevention System | The management platform should include an integration mechanism to enable response to threats.
NIPS.REQ.029 | Network Intrusion Prevention System | Network Behavior Analysis (NBA)
NIPS.REQ.030 | Network Intrusion Prevention System | The solution should provide NBA capability to detect threats emerging from both outside and inside the network.
NIPS.REQ.031 | Network Intrusion Prevention System | Threat Protection
NIPS.REQ.032 | Network Intrusion Prevention System | Detection rules should be based on an extensible, open language that enables users to create their own rules, as well as to customize any vendor-provided rules.
NIPS.REQ.033 | Network Intrusion Prevention System | The detection engine should be capable of detecting and preventing a wide variety of threats (e.g., malware, network probes/reconnaissance, VoIP attacks, buffer overflows, P2P attacks, zero-day threats, etc.).
NIPS.REQ.034 | Network Intrusion Prevention System | Sensors should be capable of performing packet-level forensics and capturing raw packet data in response to individual events without significant performance degradation.
NIPS.REQ.035 | Network Intrusion Prevention System | Policy Configuration
NIPS.REQ.036 | Network Intrusion Prevention System | The device should have facility to enable/disable each individual signature. Each signature should allow granular tuning.
NIPS.REQ.037 | Network Intrusion Prevention System | The device should support granular management. It should allow policy to be assigned per device, port, VLAN tag, IP address/range.
NIPS.REQ.038 | Network Intrusion Prevention System | The device must have facility to exempt IPS inspection for a particular signature based on:
    a) Source or destination IP/subnet
    b) Between two IPs/subnets
NIPS.REQ.039 | Network Intrusion Prevention System | The device should support a wide range of response actions:
    a) Block traffic
    b) Ignore
    c) TCP reset
    d) Packet capture
    e) Email alert
    f) SNMP alert
    g) Syslog alert
NIPS.REQ.040 | Network Intrusion Prevention System | Real-Time Awareness
NIPS.REQ.041 | Network Intrusion Prevention System | The solution should be capable of gathering information about network hosts and their activities.
NIPS.REQ.042 | Network Intrusion Prevention System | The solution should be capable of employing an extensive set of contextual information (e.g., behavior of the network) to improve the efficiency and accuracy of analysis of detected events.
NIPS.REQ.043 | Network Intrusion Prevention System | The solution should be capable of providing the appropriate inspections and protections for traffic sent over non-standard communications ports.
NIPS.REQ.044 | Network Intrusion Prevention System | High Availability
NIPS.REQ.045 | Network Intrusion Prevention System | The device should support High Availability.
NIPS.REQ.046 | Network Intrusion Prevention System | The device should support both Active/Passive and Active/Active configuration.
NIPS.REQ.047 | Network Intrusion Prevention System | Management and Usability
NIPS.REQ.048 | Network Intrusion Prevention System | The solution should support centralized, life cycle management for all sensors.
NIPS.REQ.049 | Network Intrusion Prevention System | The solution should be accessible via a web-based SSL interface.

12.2 Host based Intrusion Prevention System

Sr. No. | Nature of Requirement | Minimum Requirement Description
HIPS.REQ.001 | General Requirement | The proposed solution should be a virtualization-aware solution that provides advanced protection for systems.
HIPS.REQ.002 | General Requirement | The proposed solution should be supported on multiple operating systems: Microsoft Windows, Solaris, Red Hat Enterprise and SUSE Linux, etc.
HIPS.REQ.003 | General Requirement | The proposed solution should provide protection such as real-time anti-malware, IDS/IPS, firewall, integrity change monitoring and inspection of system-critical logs for all systems, and should achieve this with a single agent.
HIPS.REQ.004 | General Requirement | The proposed solution should have a management console and provide prevention and monitoring support for all the operating systems in the heterogeneous environment.
HIPS.REQ.005 | General Requirement | Should provide intrusion detection and protection by analysing events, operating system logs and inbound/outbound network traffic on enterprise servers.
HIPS.REQ.006 | General Requirement | The proposed solution should employ full, seven-layer, state-based protocol decoding and analysis. Analyses all packets to and from the server for and propagation, to detect and prevent attacks, both known and unknown intrusion attempts.
HIPS.REQ.007 | General Requirement | The proposed solution should have rule-based protection for servers and should prevent the following:
    a) Prevents the delivery and installation of kernel-level rootkits.
    b) Prevents cross-site scripting (XSS) attacks.
    c) Prevents SQL injection attacks.
    d) Prevents DoS, DDoS, worm, botnet and Trojan attacks.
    e) Prevents buffer overflow attacks.
    f) Decodes backdoor communications and protocols.
    g) Inspects and blocks attacks that happen over SSL (HTTP & HTTPS).
HIPS.REQ.008 | General Requirement | The proposed solution should have application-based control rules that provide increased visibility into the applications that are accessing the network. These rules shall be used to identify malicious users / software accessing the network and provide insight into suspicious activities such as allowed protocols over unexpected ports (FTP traffic on a mail server, HTTP traffic on an unexpected server, or SSH traffic over SSL, etc.).
HIPS.REQ.009 | General Requirement | The proposed solution should log detailed event data providing valuable information, including the source of the attack, the time, and what the potential intruder was attempting to exploit.
HIPS.REQ.010 | General Requirement | The proposed solution should be capable of detecting and blocking IPv6 attacks.
HIPS.REQ.011 | General Requirement | The solution should allow blocking based on thresholds.
HIPS.REQ.012 | General Requirement | The proposed solution should be able to detect reconnaissance activities such as port scans and also detect protocol violations of standard protocols.
HIPS.REQ.013 | General Requirement | The proposed solution should generate auditable reports within the solution, along with alert generation, and automated report creation and delivery.
HIPS.REQ.014 | General Requirement | The proposed solution should support agent installation by manual local installation and by distribution through LDAP / Active Directory. No restart should be required once the agent is installed on the servers.
HIPS.REQ.015 | General Requirement | The proposed solution should have comprehensive Role Based Access Control features, including controlling who has access to what areas of the solution and who can do what within the application.

13. Security Incident and Event Management

Sr. No. | Item | Minimum Requirement Description
SIEM.REQ.001 | Security Incident & Event Management | The solution should support an event throughput rate of minimum 10K EPS (events per second) and should have the capability to upgrade up to 20K EPS.
SIEM.REQ.002 | Security Incident & Event Management | The solution should have a single integrated facility for log investigation, incident management etc., with a search facility to search the collected raw log data for specific events or data.
SIEM.REQ.003 | Security Incident & Event Management | A well-defined architecture along with pre- and post-installation documents needs to be shared by the bidder.
SIEM.REQ.005 | Security Incident & Event Management | The solution should support collection of events/logs and network flows from distributed environment(s).
SIEM.REQ.006 | Security Incident & Event Management | The solution should correlate security/network events to enable the SIEM to quickly prioritize its response and help ensure effective incident handling.
SIEM.REQ.007 | Security Incident & Event Management | The solution should integrate asset information in the SIEM, such as categorization, criticality and business profiling, and use the same attributes for correlation and incident management.
SIEM.REQ.008 | Security Incident & Event Management | The solution should provide remediation guidance for identified security incidents:
SIEM.REQ.009 | Security Incident & Event Management | a) The solution should be able to specify the response procedure (by choosing from the SOPs) to be used in incident analysis/remediation.
SIEM.REQ.010 | Security Incident & Event Management | b) The solution should have provision for workflow-based multiple levels of escalation. The solution should offer a means of escalating alerts between various users of the solution, such that if alerts are not acknowledged in a pre-determined timeframe, that alert is escalated to ensure it is investigated.
SIEM.REQ.011 | Security Incident & Event Management | The solution should facilitate best-practice configuration to be effectively managed in a multi-vendor and heterogeneous information systems environment.
SIEM.REQ.012 | Security Incident & Event Management | The solution should provide the capability to discover similar patterns of access, communication etc. occurring from time to time, for example a low and slow attack.
SIEM.REQ.013 | Security Incident & Event Management | The solution should have an exhaustive incident tracking system that can track, investigate and resolve events in a workflow-like environment.
SIEM.REQ.014 | Security Incident & Event Management | The bidder should perform regular (at least twice a year) health checks and fine tuning of the SIEM solution and should submit a report to the Department.
SIEM.REQ.015 | Security Incident & Event Management | The solution should share the list of out-of-the-box supported devices/log types.
SIEM.REQ.016 | Security Incident & Event Management | The solution should support hierarchical structures for distributed environments. The solution should have the capability to correlate events generated from multiple SIEM(s) at different locations in a single management console.
SIEM.REQ.017 | Security Incident & Event Management | Event correlation on the SIEM should be in real time, and any delay in the receipt of events by the SIEM is not acceptable.
SIEM.REQ.018 | Security Incident & Event Management | The solution should support internal communication across SIEM components via a well-defined secured channel. UDP or similar protocols should not be used.
SIEM.REQ.019 | Security Incident & Event Management | Event dropping/caching by the SIEM solution is not acceptable; any such occurrence should be reported and corrected immediately.
SIEM.REQ.020 | Security Incident & Event Management | The solution should be able to import vulnerability information from scanning and assessment tools on a real-time basis and correlate it / provide contextual information on vulnerability data to incidents for all possible implications.
SIEM.REQ.021 | Security Incident & Event Management | The solution should be able to facilitate customized dashboard creation, supporting dynamic graphical display of events.
SIEM.REQ.022 | Security Incident & Event Management | The solution should be able to capture all the fields of the information in the raw logs.
SIEM.REQ.023 | Security Incident & Event Management | The solution should support storage of raw logs for forensic analysis.
SIEM.REQ.024 | Security Incident & Event Management | The solution should be able to integrate logs from new devices into existing collectors without affecting the existing SIEM processes.
SIEM.REQ.025 | Security Incident & Event Management | The solution should have the capability of displaying filtered events based on event priority, event start time, end time, attacker address, target address etc.
SIEM.REQ.026 | Security Incident & Event Management | The solution should support a configurable data retention policy based on organization requirements.
SIEM.REQ.027 | Security Incident & Event Management | The solution should provide a tiered storage strategy comprising online data, online archival, offline archival and restoration of data. Please elaborate on the log management methodology proposed.
SIEM.REQ.028 | Security Incident & Event Management | The solution should compress the logs by at least 70% at the time of archiving.
SIEM.REQ.029 | Security Incident & Event Management | The solution should have the capability for log purging and retrieval of logs from offline storage.
SIEM.REQ.030 | Security Incident & Event Management | The solution should support networked and scalable storage using SAN, NAS, DAS etc.
SIEM.REQ.031 | Security Incident & Event Management | The solution should provide capability for configuration backup.
SIEM.REQ.032 | Security Incident & Event Management | The solution should be capable of replicating logs from the primary site to the DR site.
SIEM.REQ.033 | Security Incident & Event Management | The solution should provide proactive alerting on log collection failures so that any potential loss of events and audit data can be minimized or mitigated.
SIEM.REQ.034 | Security Incident & Event Management | The solution should provide a mechanism (in both graphic and table format) to show which devices and applications are being monitored and determine if a continuous set of collected logs exists for those devices and applications.
SIEM.REQ.035 | Security Incident & Event Management | The solution should support automated scheduled archiving functionality into a file system.
SIEM.REQ.036 | Security Incident & Event Management | The solution should support normalization of real-time events.
SIEM.REQ.037 | Security Incident & Event Management | The solution should provide a facility for logging events with category information to enable device-independent analysis.
SIEM.REQ.038 | Security Incident & Event Management | The solution should support aggregation techniques that consolidate multiple identical raw events into one processed event.
SIEM.REQ.039 | Security Incident & Event Management | The platform should be supplied on a hardened OS embedded in a hardware / virtual appliance. The storage configuration should offer a RAID configuration to allow for protection from disk failure.
SIEM.REQ.040 | Security Incident & Event Management | The platform should have a High Availability configuration of the necessary SIEM components to ensure there is no single point of failure. Please describe the architecture proposed to meet this requirement.
SIEM.REQ.041 | Security Incident & Event Management | By default, at the time of storage the solution should not filter any events. However, the solution should have the capability of filtering events during the course of correlation and report generation.
SIEM.REQ.042 | Security Incident & Event Management | The solution should ensure the integrity of logs. Log archival should be tamper-proof, in compliance with applicable regulations.
SIEM.REQ.043 | Security Incident & Event Management | The solution should have inbuilt query analysis capability without requiring any third-party solution.
SIEM.REQ.044 | Security Incident & Event Management | The solution should be able to continue to collect logs during backup, defragmentation and other management scenarios.
SIEM.REQ.045 | Security Incident & Event Management | The solution should support collection of logs from all the devices quoted in the RFP.
SIEM.REQ.046 | Security Incident & Event Management | The collection devices should support collection of logs via the following methods, but not limited to these:
    1. Syslog over UDP / TCP
    2. SNMP
    3. ODBC (to pull events from a remote database)
    4. FTP (to pull a flat file of events from a remote device that can't directly write to the network)
    5. Windows Event Logging Protocol
    6. XML
    7. NetBIOS
SIEM.REQ.047 | Security Incident & Event Management | The solution should have native audit capability for end-to-end incident management. A complete audit trail of the incident life cycle (such as incident alerting, action taken by each user, final outcome of the incident, closing of the incident) should be maintained.
SIEM.REQ.048 | Security Incident & Event Management | The solution should allow a wizard / GUI based interface for rule creation (including correlation rules) as per customized requirements. The rules should support logical operators for specifying various conditions in rules.
SIEM.REQ.049 | Security Incident & Event Management | The solution should support all standard IT infrastructure including networking & security systems, OS, RDBMS, middleware, web servers, Enterprise Management System, LDAP, Internet gateway, antivirus, Enterprise Messaging System, Data Loss Prevention (DLP) etc.
SIEM.REQ.050 | Security Incident & Event Management | The solution should have provision for integration of the following:
    a) Inclusion of user context (through systems such as LDAP).
    b) The solution should enable the correlation of identity and session information to assist in responding to incidents that are user-centric.
    c) Inclusion of data context: the solution should provide the ability to display the country of origin based on IP address.
    d) Inclusion of application context.
SIEM.REQ.051 | Security Incident & Event Management | The solution should have licenses for a minimum of 10 users for SIEM administration.
SIEM.REQ.052 | Security Incident & Event Management | The solution should have the ability to define various roles for SIEM administration, including but not limited to Operator, Analyst, SOC Manager etc., for all SIEM components.
SIEM.REQ.053 | Security Incident & Event Management | The solution should support the SIEM management process using a web-based solution.
SIEM.REQ.054 | Security Incident & Event Management | The solution should support the following correlation:
SIEM.REQ.055 | Security Incident & Event Management | Statistical Threat Analysis: to detect anomalies.
SIEM.REQ.056 | Security Incident & Event Management | Susceptibility Correlation: raises visibility of threats against susceptible hosts.
SIEM.REQ.057 | Security Incident & Event Management | Vulnerability Correlation: mapping of specific detected threats to specific / known vulnerabilities.
SIEM.REQ.058 | Security Incident & Event Management | Rules-based Correlation: the solution should allow creating rules that combine multiple scenarios and create alerts based on those scenarios.
SIEM.REQ.059 | Security Incident & Event Management | The solution should also support historical correlation and have the capability to analyse historical data using a new correlation rule and carry out trend analysis on collected data.
SIEM.REQ.060 | Security Incident & Event Management | The solution should have the capability to correlate based on threat intelligence for malicious domains, proxy networks, known bad IPs and hosts.
SIEM.REQ.061 | Security Incident & Event Management | The solution should provide ready-to-use rules for alerting on threats, e.g., failed login attempts, account changes and expirations, port scans, suspicious file names, default usernames and passwords, high bandwidth usage by IP, privilege escalations, configuration changes, traffic to non-standard ports, URL blocked, accounts deleted and disabled, intrusions detected etc.
SIEM.REQ.062 | Security Incident & Event Management | The solution should support the following types of correlation conditions on log data:
    a) One event followed by another event
    b) Grouping, aggregating, sorting, filtering, and merging of events
    c) Average, count, minimum, maximum threshold etc.
SIEM.REQ.063 | Security Incident & Event Management | The solution should prioritize & enrich events based on existing threats / alerts / incidents on the asset. E.g., if there is a known vulnerability detected by the vulnerability scanner on an asset, the solution should categorize the risk higher, since the vulnerability was already known, so that action may be taken proactively.
SIEM.REQ.064 | Security Incident & Event Management | The solution should offer a user interface that is capable of providing the Information Security team an intuitive way of using recognized network tools, e.g. whois, nslookup, ping etc., to assist in analysis and response work.
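The correlation conditions in SIEM.REQ.062 (one event followed by another; grouping and aggregation; count thresholds) and the vulnerability-aware enrichment in SIEM.REQ.063 can be checked against concrete log data. The Python below is an added illustration written for this checklist, not part of the report or of any bidder's product: it feeds constructed, already-normalized events (ISO timestamp, event kind, src/dst, user or port) through a small in-memory correlator implementing three rules of the kinds SIEM.REQ.061 asks for (failed-login burst, burst followed by a successful login, port scan) and raises alert priority when the target appears in a constructed list of known-vulnerable assets. The thresholds, window sizes, asset list and event format are all assumptions chosen for the example.

```python
"""Added example (not from the report): a toy SIEM correlator covering the
condition types of SIEM.REQ.062 and the vulnerability-aware enrichment of
SIEM.REQ.063. Events, asset data, thresholds and windows are all constructed."""
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

PRIORITIES = ["low", "medium", "high", "critical"]
VULNERABLE_ASSETS = {"10.0.0.5": "unpatched SSH service"}   # constructed scanner output

Event = namedtuple("Event", "ts kind src dst detail")   # detail: user (auth) or port (conn)
Alert = namedtuple("Alert", "rule src dst ts priority note")


def parse(line):
    """Parse a normalized line: '<iso-ts> <kind> src=.. dst=.. user=..|port=..'."""
    ts, kind, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    return Event(datetime.fromisoformat(ts), kind, f["src"], f["dst"],
                 f.get("user") or f.get("port", ""))


class Correlator:
    def __init__(self, fail_threshold=5, fail_window=60, success_window=120,
                 scan_ports=10, scan_window=30):
        self.fail_threshold, self.scan_ports = fail_threshold, scan_ports
        self.fail_window = timedelta(seconds=fail_window)
        self.success_window = timedelta(seconds=success_window)
        self.scan_window = timedelta(seconds=scan_window)
        self._fails = defaultdict(deque)   # (src, dst) -> (ts, None) of recent failures
        self._bursts = {}                  # (src, dst) -> time the failure burst fired
        self._conns = defaultdict(deque)   # src -> (ts, "dst:port") sliding window
        self._scan_alerted = set()         # sources already reported as scanners
        self.alerts = []

    @staticmethod
    def _expire(dq, now, window):
        while dq and now - dq[0][0] > window:   # drop entries outside the sliding window
            dq.popleft()

    def _emit(self, rule, ev, priority, note):
        vuln = VULNERABLE_ASSETS.get(ev.dst)       # SIEM.REQ.063: known-vulnerable target
        if vuln:
            priority = PRIORITIES[min(PRIORITIES.index(priority) + 1, len(PRIORITIES) - 1)]
            note += f"; target has known vulnerability: {vuln}"
        self.alerts.append(Alert(rule, ev.src, ev.dst, ev.ts, priority, note))

    def feed(self, ev):
        key = (ev.src, ev.dst)
        if ev.kind == "auth_failure":             # count threshold inside a window
            dq = self._fails[key]
            dq.append((ev.ts, None))
            self._expire(dq, ev.ts, self.fail_window)
            if len(dq) >= self.fail_threshold and key not in self._bursts:
                self._bursts[key] = ev.ts          # one alert per burst, not per failure
                self._emit("brute_force_attempt", ev, "medium",
                           f"{len(dq)} failed logins within {self.fail_window.seconds}s")
        elif ev.kind == "auth_success":           # event A (burst) followed by event B
            burst_ts = self._bursts.pop(key, None)
            if burst_ts is not None and ev.ts - burst_ts <= self.success_window:
                self._emit("brute_force_success", ev, "high",
                           f"login for user {ev.detail} after failure burst")
        elif ev.kind == "conn":                   # aggregation: distinct ports per source
            dq = self._conns[ev.src]
            dq.append((ev.ts, f"{ev.dst}:{ev.detail}"))
            self._expire(dq, ev.ts, self.scan_window)
            distinct = {tag for _, tag in dq}
            if len(distinct) >= self.scan_ports and ev.src not in self._scan_alerted:
                self._scan_alerted.add(ev.src)
                self._emit("port_scan", ev, "medium", f"{len(distinct)} distinct ports probed")


def run(lines):
    """Feed normalized log lines to a fresh correlator in time order; return its alerts."""
    c = Correlator()
    for ev in sorted((parse(l) for l in lines), key=lambda e: e.ts):
        c.feed(ev)
    return c.alerts


# Constructed sample log: a brute-force run that finally succeeds against a
# known-vulnerable host, one benign failed-then-successful login, and a port sweep.
SAMPLE_LOG = (
    [f"2016-01-12T09:00:{1 + 6 * i:02d} auth_failure src=203.0.113.9 dst=10.0.0.5 user=root"
     for i in range(6)]
    + ["2016-01-12T09:01:00 auth_success src=203.0.113.9 dst=10.0.0.5 user=root",
       "2016-01-12T09:02:10 auth_failure src=192.0.2.4 dst=10.0.0.8 user=alice",
       "2016-01-12T09:02:40 auth_success src=192.0.2.4 dst=10.0.0.8 user=alice"]
    + [f"2016-01-12T09:05:{i:02d} conn src=198.51.100.7 dst=10.0.0.8 port={p}"
       for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 3389])]
)

if __name__ == "__main__":
    for a in run(SAMPLE_LOG):
        print(f"{a.ts.time()} {a.priority:<8} {a.rule:<20} {a.src} -> {a.dst}  {a.note}")
```

Running the file prints three alerts: a brute_force_attempt raised from medium to high because 10.0.0.5 carries a known vulnerability, a brute_force_success raised from high to critical for the same reason, and a medium port_scan against 10.0.0.8. The benign login by alice produces nothing because two attempts never reach the threshold. A product SIEM evaluates the same windows over a stream rather than a list, but the parts worth checking in a bidder's rule engine are the ones shown here: de-duplication (one alert per burst, one per scanning source), the sequence condition keyed on the same source/target pair, and the asset-context enrichment applied at alert time rather than at search time.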
SIEM.REQ.065 | Security Incident & Event Management | The solution should provide threat scoring based on:
    a) Host, network, priority for both source & destination
    b) Real-time threat, event frequency, attack level etc.
SIEM.REQ.066 | Security Incident & Event Management | The solution should correlate and provide statistical anomaly detection with visual drill-down data mining capabilities.
SIEM.REQ.067 | Security Incident & Event Management | The solution should have the capability to send notification messages and alerts through email, SMS, etc.
SIEM.REQ.068 | Security Incident & Event Management | The solution should support real-time reporting as well as scheduled reporting.
SIEM.REQ.069 | Security Incident & Event Management | The solution should support report designing capability without using any third-party product.
SIEM.REQ.070 | Security Incident & Event Management | The reporting feature should be inherent in the solution and not provided by a third party. The solution should have the flexibility to design custom-made reports as required by the Department from time to time. The bidder should design customized reports as desired by the Department from time to time.
SIEM.REQ.071 | Security Incident & Event Management | Customized reports should be configurable / designable via GUI and not CLI.
SIEM.REQ.072 | Security Incident & Event Management | The tool should provide facility for separate alerting and reporting consoles for different asset groups.
SIEM.REQ.073 | Security Incident & Event Management | The solution should support RADIUS and LDAP / Active Directory for authentication.
SIEM.REQ.074 | Security Incident & Event Management | The solution should provide the highest level of enterprise support directly from the OEM.
SIEM.REQ.075 | Security Incident & Event Management | The solution should provide a single point of contact directly from the OEM for all support issues reported to the OEM.
SIEM.REQ.076 | Security Incident & Event Management | The bidder should state the response time for writing customized parsers for log types not supported out of the box, or for version upgrade(s) that lead to a new log type.
SIEM.REQ.077 | Security Incident & Event Management | The solution should ensure continuous training and best-practice updates for the onsite team from its backend resources.
SIEM.REQ.078 | Security Incident & Event Management | The solution should show report generation progress status in the console.
SIEM.REQ.079 | Security Incident & Event Management | The solution should support log integration for IPv4 as well as IPv6.
SIEM.REQ.080 | Security Incident & Event Management | The solution should provide an inbuilt dashboard for monitoring the health status of all SIEM components, data insert/retrieval time, resource utilization details etc.
SIEM.REQ.081 | Security Incident & Event Management | The solution should support at least 100 default correlation rules for detection of network threats and attacks. The performance of the solution should not be affected with all rules enabled.
SIEM.REQ.082 | Security Incident & Event Management | The central management console / Enterprise Security Managers / receivers should be in high availability.

14. Vulnerability Management and Penetration Testing

Sr. No. | Item | Minimum Requirement Description
VAPT.REQ.001 | Vulnerability Management (VM) and Penetration Testing (PT) | The bidder should have provided the VM service in an organization/project of the size of the Department, having a comparable number of hardware devices and software, heterogeneity in information systems setup, complexity, etc., as mentioned in the assets section of this RFP.
VAPT.REQ.002 | Vulnerability Management (VM) and Penetration Testing (PT) | The solution shall provide the facility of Vulnerability Assessment of the Android platform that will be running on the MDTs.
VAPT.REQ.003 | Vulnerability Management (VM) and Penetration Testing (PT) | The solution which would be used for the Department should have received industry recognition / award / certification. Please provide details of such recognition.
VAPT.REQ.004 | Vulnerability Management (VM) and Penetration Testing (PT) | The solution should support different platforms of OS, RDBMS, networking and security devices and others from time to time. Please provide details of platforms supported.
VAPT.REQ.005 | Vulnerability Management (VM) and Penetration Testing (PT) | The solution should be accessible from a web-based client which can be installed centrally and accessed by users across the organization in different offices.
VAPT.REQ.006 | Vulnerability Management (VM) and Penetration Testing (PT) | The solution should allow organizations to create multiple assessment profiles for any platform.
VAPT.REQ.007 | Vulnerability Management (VM) and Penetration Testing (PT) | The solution should allow organizations to customize the checks as per the organization's policy and requirements.
VAPT.REQ.008 | Vulnerability Management (VM) and Penetration Testing (PT) | The solution should allow the Department to schedule the VA of selected assets for a pre-defined date and time.
VAPT.REQ.009 | Vulnerability Management (VM) and Penetration Testing (PT) | The bidder should have scripts which are capable of manually collecting the security configuration data from the assets.
VAPT.REQ.010 | Vulnerability Management (VM) and Penetration Testing (PT) | The solution should support upload of the security configuration data for detailed assessment and analysis.
VAPT.REQ.011 | Vulnerability Management (VM) and Penetration Testing (PT) | The solution should perform intelligent port scanning for identification of services running on non-standard ports and also support scan throttling / rate limiting.
Vulnerability The solution should be capable of Policy Compliance, Baseline Policy Management (VM) and Scan. Penetration Testing (PT) Page 76 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 VAPT.REQ.013 Vulnerability The solution should have internal security controls like different Management (VM) and privileges for admin/operators etc., strong password etc. Penetration Testing (PT) VAPT.REQ.014 Vulnerability The solution should provide secure configuration document for all the Management (VM) and platforms including implementation steps for all checks. Penetration Testing (PT) VAPT.REQ.015 VAPT.REQ.016 Vulnerability The solution should allow organizations to create asset details of all Management (VM) and servers and devices with their IP, platform details, owner, location, Penetration Testing (PT) department and value of the asset. Vulnerability The solution should provide functionality for automated VA over network Management (VM) and (with remote access) as also manual vulnerability assessment. Penetration Testing (PT) VAPT.REQ.017 Vulnerability The solution should not require any of their agents to be pre- installed in Management (VM) and the target assets to enable automated VA. Penetration Testing (PT) VAPT.REQ.018 Vulnerability Bidder should capture risk profile of assets to prioritize security Management (VM) and measures. Penetration Testing (PT) VAPT.REQ.019 Vulnerability Secure configuration baseline software should have the provision to add Management (VM) and custom risks along with the value of risks. Penetration Testing (PT) VAPT.REQ.020 VAPT.REQ.021 Vulnerability Configuration assessment of database should check for the items given Management (VM) and below. 
This is a minimum indicative list, bidders are encouraged to check Penetration Testing (PT) for more settings in line with best practices (SANS, NIST, CERT-IN): a) Default passwords b) Look for latest patches and updates c) Test for secure authentication mechanism d) Configuration issues Vulnerability Configuration assessment of network & security devices should check for Management (VM) and the items given below. This is a minimum indicative list, bidders are Penetration Testing (PT) encouraged to check for more settings in line with best practices (SANS, NIST, CIS, CERT-IN): a) Access Control b) System Authentication – remote administration security, password security c) Auditing and Logging d) Insecure Dynamic Routing Configuration e) Insecure Service Configuration – Unnecessary services running, SNMP service security Page 77 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 f) Insecure TCP/IP Parameters – source routing, IP directed broadcasts, UDP broadcast forwarding g) VAPT.REQ.022 Vulnerability Latest version not used Bidder should be able to provide the following VM services. Management (VM) and Penetration Testing (PT) VAPT.REQ.023 Vulnerability Provide accurate network discovery detail. Management (VM) and Penetration Testing (PT) VAPT.REQ.024 Vulnerability Identify network risks and prioritize issues as H, M, L (High, Medium and Management (VM) and Low). Penetration Testing (PT) VAPT.REQ.025 Vulnerability Identify Asset-Based Threat Profiles: Organizational view. Management (VM) and Penetration Testing (PT) VAPT.REQ.026 Vulnerability Identify Infrastructure Vulnerabilities: Technological view. 
Management (VM) and Penetration Testing (PT) VAPT.REQ.027 Vulnerability Management (VM) and Penetration Testing (PT) VAPT.REQ.028 VAPT.REQ.029 Vulnerability Provide Protection Strategy for the Organization, Mitigation Plans for the Management (VM) and vulnerable assets and Action lists (Immediate, Mid-term & Long term) for Penetration Testing (PT) the near term actions. Vulnerability Configuration of all Network Equipment should be verified for any Management (VM) and Security threats, which include the following: Penetration Testing (PT) 1. Smurf and SYN Flood. 2. DOS Attacks. 3. Protection against Viruses / SLAMMER / Trojans etc. a. Communication Controls. b. Open Ports & Services. c. Firewall/ACLs (Access Control List), Open ports/Services. d. Whether LAN Access policy are well defined. e. Whether Redundancy of Ethernet ports are available on the servers. f. Redundancy at power levels UPS and capacity, and recommendations. Page 78 | Specifications checklist g. Checking for Trojans and Slammer. h. Checking of VLAN architecture and Security measures. Establishing National Enterprise Architecture and Interoperability Framework January 2016 4. Server(s) Security Policies a. Verification of access lists and account settings to ensure access is configured based on need to do. b. Whether unused and default accounts are disabled. c. Validate the key registry settings & group policies/local policies. d. Scanner should be run to check and verify for only application specific ports are open. e. Un- patched vulnerabilities in the operating system of the critical and important Servers especially MAIL Server, Proxy Servers, database Servers, DNS Servers, DHCP servers. f. Does the Server setup perform proper authentication to suit the risk associated with their access? g. Assessing the security segmentation of the different risk levels of servers and users. h. 
Verifying the High Availability of the Enterprise Servers like Mail server, Department’s critical Application Server, Proxy server and Primary Domain Controller (PDC). i. Shared resources present with insecure permission. j. Assessing the permission assigned to critical system files and folders. Page 79 | Specifications checklist k. Verification of audit logs settings. l. Password and account lockout policy settings. m. Non-essential services running on servers. n. Whether servers are updated with latest service packs and patches. o. Whether servers are updated with latest security patches. 5. Network Devices a. Whether logs and debug information are properly time stamped. b. Insecure RIP Configuration. c. Insecure OSPF Configuration. d. Insecure BGP configuration. e. Verification of the use of default SNMP community strings 6. Security Devices a. AAA authentication for enable mode b. AAA authentication for console c. Unencrypted remote administration Establishing National Enterprise Architecture and Interoperability Framework January 2016 d. High authentication proxy-limit e. Fragment protection 7. Desktop Security a. Vulnerability scanning of desktop systems b. Observe, analyze and assess the operations being performed from desktop system c. Analyze the vulnerability scanning report d. Detailed report on findings with suggestions and recommendations. e. VAPT.REQ.030 Anti-malware control on the workstations Vulnerability The assessment should check for various categories of threat to the Management (VM) and network including: Penetration Testing (PT) VAPT.REQ.031 Vulnerability 1. Management (VM) and possible Penetration Testing (PT) 2. Unauthorized access into the network and extent of such access Unauthorized modifications to the network and the traffic flowing over network 3. Extent of information disclosure from the network 4. Spoofing of identity over the network 5. Possibility of denial of services 6. 
6. Possible threats from malicious code (viruses and worms).
7. Effectiveness of the virus control system:
   a. In e-mail gateways.
   b. In the use of other media (floppies/CD/USB ports).
   c. Control over network points.
   d. Can visitors plug in laptops / devices?
   e. Control over access time, station, dial-up and so on.
8. Possibility of traffic route poisoning.
9. Configuration issues related to access lists and account settings.
10. Whether the IOS is the latest and has not appeared in security advisories.
11. Vulnerability assessment of routers, switches, IPS and other network devices against the hardening standards of the organization.
VAPT.REQ.32 / VAPT.REQ.33 (Vulnerability Management (VM) and Penetration Testing (PT)): Access control: every router / switch should be checked for the following configuration standards:
1. Whether routers / switches are using the AAA model for all user authentication.
2. Whether the enable password on the routers / switches is stored in secure encrypted form.
3. Whether it meets the password policy for minimum length in characters.
4. Whether local and remote access to the networking devices is limited and restricted.
VAPT.REQ.34 (Vulnerability Management (VM) and Penetration Testing (PT)): Validate the following services for security, effectiveness and efficiency on all network devices:
1. IP directed broadcasts.
2. Incoming packets at the router sourced with invalid addresses such as RFC 1918 addresses.
3. TCP small services.
4. UDP small services.
5. All source routing.
6. All web services running on the router.
7. Which standardized SNMP community strings are used.
8. Logging and auditing.
9. Execution of wireless network scans in the network.
10. Assessing the presence of any broadband Internet connections, wireless data cards and phone modems.
VAPT.REQ.35 (Vulnerability Management (VM) and Penetration Testing (PT)): Open ports and vulnerable services running on the remote host.
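The router and switch items in VAPT.REQ.33 and VAPT.REQ.34 can be checked mechanically against an exported configuration. The following Python script is an added example, not part of the checklist or of any bidder's tooling: it parses a Cisco IOS-style running configuration (the two configurations below are constructed, with placeholder credentials) and reports which of the listed items fail. The finding names, the minimum password length of 8 and the convention that RFC 1918 sources are denied by a numbered access-list are this example's own assumptions; a real audit would load the device's exported configuration in place of the samples.

```python
"""Audit a Cisco IOS-style configuration against the router/switch hardening items
in VAPT.REQ.33 and VAPT.REQ.34 (added example; configs and names are constructed)."""

RFC1918_WILDCARDS = ("10.0.0.0 0.255.255.255", "172.16.0.0 0.15.255.255",
                     "192.168.0.0 0.0.255.255")


def parse_sections(config):
    """Return [(header, [indented child lines])]; global commands have no children."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(" ") and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line, []))
    return sections


def audit_ios_config(config):
    """Return the sorted list of failed checks; an empty list means all passed."""
    sections = parse_sections(config)
    top = [header for header, _ in sections]
    findings = set()
    if "aaa new-model" not in top:                      # REQ.33 item 1
        findings.add("REQ33.1_no_aaa")
    if (not any(l.startswith("enable secret") for l in top)   # REQ.33 item 2
            or any(l.startswith("enable password") for l in top)):
        findings.add("REQ33.2_enable_password_not_secret")
    if not any(l.startswith("security passwords min-length") and int(l.split()[-1]) >= 8
               for l in top):                           # REQ.33 item 3 (8 assumed)
        findings.add("REQ33.3_min_length")
    for header, body in sections:
        if header.startswith("line vty"):               # REQ.33 item 4
            if not any(b.startswith("access-class") and b.endswith(" in") for b in body):
                findings.add("REQ33.4_vty_no_access_class")
            if "transport input ssh" not in body:
                findings.add("REQ33.4_vty_not_ssh_only")
        if header.startswith("interface") and "ip directed-broadcast" in body:
            findings.add("REQ34.1_directed_broadcast")  # REQ.34 item 1
    # REQ.34 item 2: some ACL must deny each RFC 1918 range as a source address
    denies = " ".join(l for l in top if l.startswith("access-list ") and " deny ip " in l)
    if not all(w in denies for w in RFC1918_WILDCARDS):
        findings.add("REQ34.2_rfc1918_ingress_filter")
    for item, proto in ((3, "tcp"), (4, "udp")):        # REQ.34 items 3-4
        if f"service {proto}-small-servers" in top:
            findings.add(f"REQ34.{item}_{proto}_small_servers")
    if "no ip source-route" not in top:                 # REQ.34 item 5
        findings.add("REQ34.5_source_routing")
    if any(l in ("ip http server", "ip http secure-server") for l in top):
        findings.add("REQ34.6_http_server")             # REQ.34 item 6
    if any(l.split()[2].lower() in ("public", "private")     # REQ.34 item 7
           for l in top if l.startswith("snmp-server community ")):
        findings.add("REQ34.7_default_snmp_community")
    if not any(l.startswith("logging host ") for l in top):  # REQ.34 item 8
        findings.add("REQ34.8_no_remote_logging")
    if not any(l.startswith("service timestamps log datetime") for l in top):
        findings.add("REQ34.8_no_log_timestamps")
    return sorted(findings)


# Constructed sample: a weakly configured device (credentials are placeholders)
WEAK_CONFIG = """\
enable password 7 0000PLACEHOLDER
service tcp-small-servers
service udp-small-servers
ip http server
snmp-server community public RO
interface GigabitEthernet0/0
 ip directed-broadcast
line vty 0 4
 transport input telnet
"""

# Constructed sample: the same device after applying the REQ.33/REQ.34 items
HARDENED_CONFIG = """\
service timestamps log datetime msec
security passwords min-length 10
aaa new-model
enable secret 5 $1$PLACEHOLDER$not-a-real-hash
no ip source-route
no ip http server
logging host 192.0.2.50
snmp-server community N0tDefaultC0mmunity RO 10
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
interface GigabitEthernet0/0
 ip access-group 101 in
 no ip directed-broadcast
line vty 0 4
 access-class 10 in
 transport input ssh
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_ios_config(cfg) or "all checks passed")
```

Each check is exact-match on the configuration line, so a `no ...` form never satisfies the positive check and vice versa; item 9 (wireless scans) and item 10 (rogue broadband or modem links) of VAPT.REQ.34 are physical and radio checks that cannot be read from a configuration file and are deliberately left out.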
VAPT.REQ.36 (Vulnerability Management (VM) and Penetration Testing (PT)): Attempt to guess passwords using password cracking tools or brute forcing.
VAPT.REQ.37 (Vulnerability Management (VM) and Penetration Testing (PT)): Search for back door traps in the application / server.
VAPT.REQ.38 (Vulnerability Management (VM) and Penetration Testing (PT)): Attempt to overload the system using DDoS and DoS at the application level.
VAPT.REQ.39 (Vulnerability Management (VM) and Penetration Testing (PT)): Check for commonly known holes in software such as browser-based vulnerabilities, e-mail applications / Flash etc.
VAPT.REQ.40 (Vulnerability Management (VM) and Penetration Testing (PT)): Check for common vulnerabilities (the vulnerability list should be based on the OWASP Top 10 / SANS 25 list), including issues such as data validation, business rule transgression, file upload, CSRF, IP spoofing, buffer overflows, session hijacking, account spoofing, frame spoofing, caching of web pages, cross-site scripting, SQL injection, stealing passwords of other users, session management, stealing of sensitive data etc.
VAPT.REQ.41 (Vulnerability Management (VM) and Penetration Testing (PT)): Check for vulnerabilities that could be exploited for website defacement and unauthorized modification of the Internet website.
VAPT.REQ.42 (Vulnerability Management (VM) and Penetration Testing (PT)): Secured server authentication procedures.
VAPT.REQ.43 (Vulnerability Management (VM) and Penetration Testing (PT)): Review logical access to core applications, OS, databases and network segments.
VAPT.REQ.44 (Vulnerability Management (VM) and Penetration Testing (PT)): Review logical access to the Department's web application, OS, database and network, and the physical access control hosted at the ISP's premises.
VAPT.REQ.45 (Vulnerability Management (VM) and Penetration Testing (PT)): Program change management and version control checks.
VAPT.REQ.46 (Vulnerability Management (VM) and Penetration Testing (PT)): Weak SSL certificates and ciphers.
VAPT.REQ.47 (Vulnerability Management (VM) and Penetration Testing (PT)): Configuration checks for OS, web server, application frameworks and DB.
VAPT.REQ.48 (Vulnerability Management (VM) and Penetration Testing (PT)): DB access and database security should be segregated from the application.
VAPT.REQ.49 (Vulnerability Management (VM) and Penetration Testing (PT)): Load balancer to be checked for transparent transfer.

15. Anti-Advanced Persistent Threat
Sr. No. | Item | Minimum Requirement Description
AAPT.REQ.001 (Anti-APT Solution): The solution should be able to inspect and block all network sessions, regardless of protocol, for suspicious activities or files at the various entry/exit points of the network.
AAPT.REQ.002 (Anti-APT Solution): The solution should be able to work in inline mode and protect against advanced malware, zero-day web exploits and targeted threats without relying on a signature database.
AAPT.REQ.003 (Anti-APT Solution): The solution should be able to identify malware present in network file shares and web objects (EXE, DLL, PDF, Microsoft Office documents), Java (.jar and .class files), embedded objects such as JavaScript, Flash and images, compressed (zip) content and encrypted (SSL) content.
AAPT.REQ.004 (Anti-APT Solution): The solution should be able to block malware downloads over different protocols.
AAPT.REQ.005 (Anti-APT Solution): The solution should be able to identify spear-phishing e-mails containing malicious URLs and attachments that bypass the anti-spam technologies.
AAPT.REQ.006 (Anti-APT Solution): The solution should have a sandbox test environment that can analyse threats to various operating systems, browsers, databases etc.
AAPT.REQ.007 (Anti-APT Solution): The solution should support both inline and out-of-band modes.
AAPT.REQ.008 (Anti-APT Solution): The solution should be able to detect and prevent bot outbreaks, including identification of infected machines. It is expected that the bidder will quote a best-of-breed solution that can detect and protect the Department against zero-day and advanced stealth malware attacks, non-signature-based threats and data exfiltration through different threat vectors.
AAPT.REQ.009 (Anti-APT Solution): The solution should be appliance based with a hardened OS. No information should be sent automatically to third-party systems for analysis of malware.
AAPT.REQ.010 (Anti-APT Solution): The solution should be able to block the call-back tunnel, including fast-flux connections.
AAPT.REQ.011 (Anti-APT Solution): The solution should be able to capture packets for deep-dive analysis.
AAPT.REQ.012 (Anti-APT Solution): The solution should be able to pinpoint the origin of the attack.
AAPT.REQ.013 (Anti-APT Solution): The solution should be able to conduct forensic analysis on historical data.
AAPT.REQ.014 (Anti-APT Solution): The dashboard should be able to report malware type, file type, CVE ID, severity level, time of attack, source and target IPs, IP protocol, attacked ports, source hosts etc.
AAPT.REQ.015 (Anti-APT Solution): The solution should generate periodic reports on attacked ports, malware types, types of vulnerabilities exploited etc.
AAPT.REQ.016 (Anti-APT Solution): The solution should be able to export event data to the SIEM or incident management systems.
Without integration between the different security components, unified security cannot be achieved. The bidder is therefore expected to design the security architecture in a way that protects the Department's infrastructure in the best possible way without resulting in vendor lock-in or proprietary standards / features. The level and depth of integration have to be proposed by the bidder.
AAPT.REQ.017 (Anti-APT Solution): The solution should be able to monitor encrypted traffic.
AAPT.REQ.018 (Anti-APT Solution): The management console should be able to provide information about the health of the appliance, such as CPU usage, traffic flow etc. The APT solution should have sufficient RAM and HDD considering the Department's requirements.
AAPT.REQ.019 (Anti-APT Solution): The solution should display the geo-location of the remote command and control server.
AAPT.REQ.020 (Anti-APT Solution): The solution should be able to integrate with Active Directory / LDAP to enforce user-based policies.

16. Data Leakage Prevention System
Sr. No. | Nature of Requirement | Minimum Requirement Description
DLP.REQ.001 (General Requirement): The solution should have centralized management and a web-based console for system administration.
DLP.REQ.002 (General Requirement): The solution should integrate with the existing LDAP for authentication and provide administrative roles based on LDAP groups.
DLP.REQ.003 (General Requirement): The solution should have secure storage of system passwords and of the data repository.
DLP.REQ.004 (General Requirement): The solution should maintain audit logs that track administrator activity within the DLP suite and can provide details on policy modifications, logins and other administrative activity.
The following details should be logged:
   a) creation, deletion and updating of DLP groups
   b) creation, deletion and updating of DLP user roles
   c) changes to the configuration of DLP Network, including creating, deleting or modifying the configuration
   d) all logins to the centralized web console
   e) creation, deletion and updating of DLP policies
DLP.REQ.005 (General Requirement): The solution should have the ability to deploy temporary agents for scanning and should support incremental scans to speed up the scanning time.
DLP.REQ.006 (General Requirement): The solution should provide very fine-grained access control, allowing the creation of roles with any combination of permissions.
DLP.REQ.007 (General Requirement): The solution should have a feature to create a role with access to system administration functions but not to policy, incident or employee information.
DLP.REQ.008 (General Requirement): The solution should have a feature to create a role with the ability to author policies but not to deploy them live on the network.
DLP.REQ.009 (General Requirement): The solution should have a feature to create a role that allows users to view incidents but not to modify or remediate them.
DLP.REQ.010 (General Requirement): Feature to create a role that has the ability to see summary reports, trend reports and high-level metrics without the ability to see individual incidents.
DLP.REQ.011 (Content Recognition): Pre-built described content definitions; dictionaries with contextual criteria, proximity criteria and weighting criteria; fingerprinting; a fingerprinting crawler with definable parameters; database fingerprinting with the ability to select "must have" and "may have" columns; detection of encrypted files and password-protected files.
DLP.REQ.012 (Content Recognition): The solution should detect based on file content and not on file extension.
The solution should not modify or add to the actual content in any case unless encryption and/or quarantining is required.
DLP.REQ.013 (Policies): The solution should have out-of-the-box predefined policies.
DLP.REQ.014 (Policies): The solution should support custom policy definition based on file type (extension and true file type), network destination (sender/recipient IP and/or e-mail address), transmission attributes, protocol types, identity per LDAP user and group, content type, risk and severity.
DLP.REQ.015 (Configuration): The system should allow configurable scoring of incident severity based on the following:
   a. amount of data records exposed
   b. specific senders or recipients
   c. network protocol
   d. specific records that were exposed
   e. specific documents that were exposed
   f. custom Active Directory attribute
   g. network source and destination
DLP.REQ.016 (General Requirement): The solution should support inclusion and exclusion detection rules based on corporate directory data, to enforce policy based on attributes of senders or receivers such as business unit, department, job level, employment status, security clearance, geography, or employee vs. contractor.
DLP.REQ.017 (General Requirement): The solution should have predefined detection policies to cover regulations and detection best practices, including pre-defined lexicons for commonly required regulations.
DLP.REQ.018 (General Requirement): The solution should support fingerprinting along with described content.
DLP.REQ.019 (General Requirement): The solution should allow creating policies applicable to individual users or to groups as a whole.
It should be possible to define exceptions for individual users in a group when the policy is defined for the whole group.
DLP.REQ.020 (General Requirement): The same policy should be applicable to the defined content in all possible locations as described above: data at rest, data in motion and data in use.
DLP.REQ.021 (General Requirement): The policy should be able to apply different actions when a particular endpoint is within the company network and when it is not connected to the network. The scanning capabilities should not differ between the two modes.
DLP.REQ.022 (General Requirement): The solution should provide identical detection capabilities across all threats covered (e.g. for both network-based and endpoint-based products, and for both data monitoring and prevention and data discovery and protection).
DLP.REQ.023 (General Requirement): Support a segregated mechanism to define policy and content definition, allowing the same content discovery definition to be used by multiple policies and each policy to act on multiple content discovery definitions.
DLP.REQ.024 (General Requirement): The solution should provide a single web-based interface for all aspects of policy editing and policy management, across all products (across monitoring and prevention, and across network and endpoint).
DLP.REQ.025 (General Requirement): The solution should protect data in motion, e.g. SMTP including attachments, POP3 including attachments, IMAP, HTTP including file uploads, FTP and IM protocols (AIM, Yahoo, MSN, Google), and should properly classify tunnelled IM traffic (HTTP).
DLP.REQ.026 (General Requirement): For each of the Internet gateways for SMTP and web traffic, dedicated appliances should be provided to monitor and manage any remediation locally, without requiring the traffic to be sent back to a remote server.
DLP.REQ.027 (General Requirement): The solution should be able to quarantine any mail that violates DLP
policies, and a notification should be sent to allow either self-release of the quarantined mail, release by the manager, or automated release/drop within a specified time period.
DLP.REQ.028 (General Requirement): Support scanning Windows file systems, Unix file systems, storage devices, MS SharePoint, WebDAV, archived and stored e-mails and RDBMS.
DLP.REQ.029 (General Requirement): Definable scan schedules and scan windows (e.g. pause and resume).
DLP.REQ.030 (General Requirement): Ability to meter the scanning speed to ensure optimal resource usage, to balance scan load across multiple scanning systems, and to dynamically commission additional scanning systems to increase scan performance.
DLP.REQ.031 (General Requirement): Preserve file attributes, including the 'last accessed' attribute.
DLP.REQ.032 (General Requirement): The solution should support full and partial text fingerprinting and full binary fingerprinting.

17. Network Access Control
Sr. No. | Nature of Requirement | Minimum Requirement Description
NAC.REQ.001 (General Requirement): The solution must be deployable as an integrated single appliance supporting all the features and functionalities (multiple appliances may only be used to increase scalability and/or support high availability).
NAC.REQ.002 (General Requirement): The offered solution must be physical-appliance based.
NAC.REQ.003 (General Requirement): The solution should discover any new network device entering the network and permit network access based upon the policy for this network device.
NAC.REQ.004 (General Requirement): The solution should provide an access solution for guests and visitors and should support a captive-portal-based solution for these classes of users.
NAC.REQ.005 (General Requirement): The solution should be able to restrict any unmanaged device in the network and should be able to provide LAN and guest users with access to network resources based on policy-based rules (authentication, posture check, firewall).
NAC.REQ.006 (General Requirement): The solution should have a provision to support non-NAC-capable hosts (i.e. printers, IP phones, etc.) based on MAC address or another parameter, and it should support exception lists for non-NAC-capable hosts.
NAC.REQ.007 (General Requirement): The solution should log all activities.
NAC.REQ.008 (General Requirement): The solution should provide real-time alerts.
NAC.REQ.009 (General Requirement): The solution must support multiple operating systems: Windows client operating systems, Windows Server operating systems and Apple Mac client operating systems.
NAC.REQ.010 (General Requirement): The offered solution must have HA (high availability) implemented. Failure of a single device should not affect the functionality of the overall solution.
NAC.REQ.011 (Integration with Network environment): The platform must be deployable in an out-of-band model and should not add bottlenecks or further overhead to existing network operations and performance.
NAC.REQ.012 (Integration with Network environment): The solution must be agnostic to the existing wired, wireless and VPN network in place today and must support any type of networking equipment (wired, wireless, VPN).
NAC.REQ.013 (Integration with Network environment): Should dynamically set VLANs on the switch ports according to the policies set for the devices connected to them.
NAC.REQ.014 (Content Recognition): The solution must validate the list of allowed applications running on the machine [mandatory and optional], with user notification and auto-remediation.
NAC.REQ.015 (Device Authentication and Network Access Control): The solution must support the following authentication methods:
1. 802.1X authentication
2. Agent-based
3. Agent-less authentication / captive portal
NAC.REQ.016 (Device Authentication and Network Access Control): The solution must support the following enforcement technologies:
1. VLAN steering
2. Access control lists
3. Vendor-specific RADIUS attributes
The solution must support access based on device type and ownership.
NAC.REQ.017 (General Requirement): Should support AAA server functionalities.
NAC.REQ.018 (General Requirement): Management and administration functionalities.
NAC.REQ.019 (General Requirement): The offered solution must be complete so as to support central management if multiple appliances/servers are involved.
NAC.REQ.020 (General Requirement): Should support GUI-based management.
NAC.REQ.021 (General Requirement): The solution must be able to generate reports for the following parameters:
1. PCs compliant with the NAC policy
2. PCs quarantined
3. Guest PCs connected
4. Network devices connected
NAC.REQ.022 (General Requirement): Must support searching of devices by MAC address / IP address / device name.
NAC.REQ.023 (General Requirement): The solution must correlate and organize user, authentication and device information together for easier troubleshooting.
NAC.REQ.024 (Network Discovery): The solution should support MAC-based 802.1X authentication.
NAC.REQ.025 (Network Discovery): Should provide information regarding the endpoint connected to the switch: MAC address, IP address and VLANs.
NAC.REQ.026 (Organization-wide Management & Remediation): All assets should be checked against the policies set, and hosts should be classified as compliant or non-compliant.

18. Database Activity Monitoring System
Sr. No. | Nature of Requirement | Minimum Requirement Description
DAM.REQ.001 (General Requirement): The solution should support flexible rules that allow enforcement of the security policy with no false-positive alerts.
DAM.REQ.002 (General Requirement): The solution should be able to receive feeds from a mirrored port as well as from agents installed on the database servers.
DAM.REQ.003 (General Requirement): The audit trail should be stored within the solution in encrypted flat files and should not be stored in any database.
DAM.REQ.004 (General Requirement): The solution should be easy to deploy and scalable.
DAM.REQ.005 (General Requirement): Multiple user roles that facilitate separation of duties.
DAM.REQ.006 (General Requirement): Easily monitor access to sensitive data (e.g. show all access to the credit card table).
DAM.REQ.007 (General Requirement): The ability to generate alerts on policy violations. The solution should provide real-time monitoring and rule-based alerting; as an example, a rule that generates an alert every time a DBA performs a select query on the credit card table.
DAM.REQ.008 (General Requirement): The solution should have support for the database proposed for the project as well as common databases such as SQL, Oracle etc.
DAM.REQ.009 (General Requirement): Monitor and report on data manipulation language (DML) commands.
DAM.REQ.010 (General Requirement): Capture and report on data definition language (DDL) commands.
DAM.REQ.011 (General Requirement): Group objects (sensitive and financial) and activities for use in reporting.
DAM.REQ.012 (General Requirement): Track execution of stored procedures, including who executed a procedure, which procedure and when, and which tables were accessed as a result.
DAM.REQ.013 (General Requirement): Track and audit administrative commands such as GRANT.
DAM.REQ.014 (General Requirement): Track and report all failed logins.
DAM.REQ.015 (General Requirement): Create specific rules on observed events, sending SMTP alerts when the rules are violated.
DAM.REQ.016 (General Requirement): Monitor local access and encrypted connections (Oracle ASO, SSL, etc.).
DAM.REQ.017 (General Requirement): The solution should support a default set of predefined reports.
DAM.REQ.018 (General Requirement): The solution should support creation of ad-hoc reports without using any third-party tool.
DAM.REQ.019 (General Requirement): The solution should support report scheduling.
DAM.REQ.020 (General Requirement): The solution should support a redundant architecture to ensure that, if the primary systems of the solution fail, the DR systems can take over without any loss of events or disruption of service.
DAM.REQ.021 (General Requirement): The solution should have a centralized log management feature.
DAM.REQ.022 (General Requirement): The solution should provide high availability at the primary site and should support Active-Active and Active-Standby modes with a DR setup.
DAM.REQ.023 (General Requirement): The solution and its agents (if any) should be centrally manageable.
DAM.REQ.024 (General Requirement): If the solution is software based, the hardware configuration requirements should be stated.
DAM.REQ.025 (General Requirement): The solution must work in real time for recording the activity, transporting it to external storage, reporting the alerts etc.
DAM.REQ.026 (General Requirement): The solution should detect sensitive and confidential data in database objects.
DAM.REQ.027 (General Requirement): The solution should allow classifying database objects (e.g. as confidential) and accordingly allow implementing various rules or providing treatment as may be desired by the NIC.
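DAM.REQ.007 gives one concrete rule (alert whenever a DBA selects from the credit card table), and DAM.REQ.009, DAM.REQ.010, DAM.REQ.013 and DAM.REQ.014 ask for DML, DDL, GRANT and failed-login tracking. The Python script below is an added example, not part of the checklist or of any product, showing how such rules evaluate over audit records: it parses constructed key=value audit log lines (the log format, field names, table names and rule names are this example's own), classifies each statement, and raises the DBA/credit-card alert, DDL and GRANT alerts, and a failed-login burst alert per client within a sliding window.

```python
"""Rule-based alerting over database audit records, in the spirit of
DAM.REQ.007 (alert when a DBA selects from the credit card table), DAM.REQ.009
and .010 (DML/DDL), DAM.REQ.013 (GRANT) and DAM.REQ.014 (failed logins).
Added example; the log format, field names and rule names are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# DAM.REQ.011-style object group: tables whose reads by privileged users are alertable
SENSITIVE_TABLES = {"credit_card", "card_holder"}
DDL_VERBS = {"CREATE", "ALTER", "DROP", "TRUNCATE"}
ADMIN_VERBS = {"GRANT", "REVOKE"}
DML_VERBS = {"SELECT", "INSERT", "UPDATE", "DELETE"}
# Table names following the keywords that introduce them in common statements
TABLE_REF = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE|ON)\s+([A-Za-z_][\w.]*)", re.I)


def parse_line(line):
    """Split '<ts> key=value ... sql=<statement>' into a dict and classify the SQL."""
    head, _, sql = line.partition(" sql=")
    fields = head.split()
    event = {"ts": datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ"), "sql": sql.strip()}
    for token in fields[1:]:
        key, _, value = token.partition("=")
        event[key] = value
    verb = event["sql"].split(None, 1)[0].upper() if event["sql"] else ""
    event["verb"] = verb
    event["kind"] = ("DDL" if verb in DDL_VERBS else "ADMIN" if verb in ADMIN_VERBS
                     else "DML" if verb in DML_VERBS else "OTHER")
    event["tables"] = {t.lower() for t in TABLE_REF.findall(event["sql"])}
    return event


def stateless_rules(event):
    """Rules that need only the current record; returns the names of those it violates."""
    hits = []
    if (event["verb"] == "SELECT" and event.get("role") == "DBA"
            and event["tables"] & SENSITIVE_TABLES):
        hits.append("DBA_READS_SENSITIVE")  # the DAM.REQ.007 example rule
    if event["kind"] == "DDL":
        hits.append("DDL_EXECUTED")
    if event["kind"] == "ADMIN":
        hits.append("ADMIN_COMMAND")
    return hits


def evaluate(log_text, fail_threshold=3, window=timedelta(seconds=60)):
    """Run every rule over the log; returns (rule, ts, user, client, detail) tuples
    in log order. Failed logins are counted per client inside a sliding window."""
    alerts = []
    failures = defaultdict(deque)  # client -> timestamps of recent failed logins
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev.get("event") == "login_failed":
            recent = failures[ev["client"]]
            recent.append(ev["ts"])
            while ev["ts"] - recent[0] > window:
                recent.popleft()
            if len(recent) == fail_threshold:  # fire once when the threshold is reached
                alerts.append(("FAILED_LOGIN_BURST", ev["ts"], ev["user"], ev["client"],
                               f"{fail_threshold} failed logins within {window.seconds}s"))
            continue
        for rule in stateless_rules(ev):
            alerts.append((rule, ev["ts"], ev["user"], ev["client"], ev["sql"]))
    return alerts


# Constructed audit records; one line per database event
SAMPLE_AUDIT_LOG = """\
2016-01-14T09:58:02Z db=billing user=app_svc role=APP client=10.1.7.12 event=query sql=SELECT id, amount FROM invoice WHERE customer_id = 4411
2016-01-14T10:02:11Z db=billing user=dba01 role=DBA client=10.1.5.20 event=query sql=SELECT card_number, expiry FROM credit_card WHERE id = 17
2016-01-14T10:03:40Z db=billing user=dba01 role=DBA client=10.1.5.20 event=query sql=GRANT SELECT ON credit_card TO temp_user
2016-01-14T10:05:09Z db=billing user=etl_svc role=APP client=10.1.7.30 event=query sql=ALTER TABLE invoice ADD COLUMN note VARCHAR(200)
2016-01-14T10:06:00Z db=billing user=unknown role=- client=198.51.100.9 event=login_failed
2016-01-14T10:06:02Z db=billing user=unknown role=- client=198.51.100.9 event=login_failed
2016-01-14T10:06:04Z db=billing user=unknown role=- client=198.51.100.9 event=login_failed
"""

if __name__ == "__main__":
    for rule, ts, user, client, detail in evaluate(SAMPLE_AUDIT_LOG):
        print(f"{ts:%H:%M:%S} {rule:<20} {user}@{client}: {detail}")
```

The application account's read of the invoice table produces no alert, which is the point of keying the DAM.REQ.007 rule on both the role and the object group rather than on the verb alone; in a product the same evaluation would run on the mirrored-port or agent feed of DAM.REQ.002 and the alert would be delivered over SMTP as DAM.REQ.015 requires.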
DAM.REQ.028 (General Requirement): The solution should have database vulnerability assessment tests for assessing vulnerabilities and misconfigurations of database servers and their OS platforms. The product should identify missing patches.
DAM.REQ.029 (General Requirement): The solution should conduct periodic self-assessment tests for its own integrity and health and provide alerts and reports to the NIC, or the system should run on a hardened operating system/firmware.
DAM.REQ.030 (General Requirement): The solution should provide virtual patching capabilities, protecting the database from known vulnerabilities without deploying a patch or script on the systems.
DAM.REQ.031 (General Requirement): The solution should not use native database audit functionality.
DAM.REQ.032 (General Requirement): The solution should not use database triggers to block malicious or attack traffic.
DAM.REQ.033 (General Requirement): The solution should have an option to integrate with security components such as anti-malware / APT solutions.
DAM.REQ.034 (General Requirement): The solution should monitor the DB traffic for all DB violations and attacks, and it should identify DB attacks or abnormal DB transactions and block them in real time.

19. Conference Room – LED Display
Sr. No. | Nature of Requirement | Minimum Requirement Description
LCD.REQ.001 (Screen Type): LED
LCD.REQ.002 (LED Panel Viewable Area): Minimum 65"
LCD.REQ.003 (HD Technology & Screen): Full HD, 1920 x 1080
LCD.REQ.004 (Front Control): Power On/Off with LED
LCD.REQ.005 (USB): 2 (minimum)
LCD.REQ.006 (HDMI): 3 (minimum)
LCD.REQ.007 (WiFi): Built in
LCD.REQ.008 (Backlight Module): LED
LCD.REQ.009 (Scan System): Automatic NTSC/PAL; 31.5 ~ 80 kHz (horizontal); 56 ~ 75 Hz (vertical)
LCD.REQ.010 (Video Connectors): BNC (composite video), 2 channels (looping); 4-pin mini DIN (Y/C video); DVI-I; 15-pin D-Sub for VGA/SXGA; audio inputs: PC audio (mini jack), video audio (2 channels RCA, looping); HDMI 4 (rear)
LCD.REQ.011 (Power Input): AC input 100 to 240 V ~ 0.5 A, 50/60 Hz
LCD.REQ.012 (Power Cord): Detachable
LCD.REQ.013 (Display Mode): DVI-I/SXGA/XGA/VGA
LCD.REQ.014 (Display Colours): 16.7 million
LCD.REQ.015 (Viewing Angle): 140º horizontal, 160º vertical
LCD.REQ.016 (Operating Temperature): 41° to 104° F (5° to 40° C)
LCD.REQ.017 (Operating Humidity): 30% to 80% relative, non-condensing
LCD.REQ.018 (Emission): FCC Part 15, Class B
LCD.REQ.019 (Hardware): Suitable mounting fixture / stand to be provided
LCD.REQ.020 (Support): The system should not be an end-of-life / end-of-service product.

20. Video Wall Projection System
Sr. No. | Nature of Requirement | Minimum Requirement Description
VWCCC.REQ.001 (Display Wall): The large display wall shall consist of multiple rear projection modules in a 2-row by 3-column configuration, behaving as a single logical screen.
VWCCC.REQ.002 (Projection Technology): The display unit / rear projection module must be based on single-chip DLP rear projection technology, lit by 3 separate colour (red, green and blue) LEDs, without any colour wheel.
VWCCC.REQ.003 (Architecture): The display unit / rear projection modules shall have an in-built illumination system.
VWCCC.REQ.004 (Display size): The diagonal size of each visual display unit / rear projection module shall be 60".
VWCCC.REQ.005 (Native Resolution): 1920 x 1080 pixels (Full HD) per cube
VWCCC.REQ.006 (Aspect Ratio): 16:9 for each projection module
VWCCC.REQ.007 (Lamp Type): LED, RGB (1 each, of 12 sq mm surface area). Multiple LEDs of each colour to achieve the 12 sq mm area is not acceptable.
VWCCC.REQ.008 (Display redundancy): In case of failure of any 1 or 2 LED lamps, it should be possible to display the image with the remaining 1 or 2, continuing the display and automatically switching the original display colour to the other available colours.
VWCCC.REQ.009 (Cooling Mechanism): Cooling by means of heat pipe
VWCCC.REQ.010 (Brightness): Should be minimum 500 lumens
VWCCC.REQ.011 (Brightness Uniformity): ≥ 95%
VWCCC.REQ.012 (Contrast ratio): ≥ 1500:1
VWCCC.REQ.013 (Dynamic contrast ratio): > 600,000:1
VWCCC.REQ.014 (Luminance): The screen should have an adjustable low inter-screen gap (< 1 mm) to give a seamless viewing experience.
VWCCC.REQ.015 (Color gamut): 125% of NTSC / 165% of EBU
VWCCC.REQ.016 (Color): Shall offer in excess of 16.7 million colors.
VWCCC.REQ.017 (Screen): Burn free; shall have glass backing to prevent deformation.
VWCCC.REQ.018 (Viewing Angle): Full viewing angle should be 180 degrees.
VWCCC.REQ.019 / VWCCC.REQ.020 (Half Gain Angle): Horizontal: ±35 degrees; Vertical: ±27 degrees
VWCCC.REQ.021 (Internal Splitter): Inbuilt internal splitter which can provide a complete computer or video image, with loop in / loop out.
VWCCC.REQ.022 (Pedestals): Should be customized as per project requirements.
VWCCC.REQ.023 (RGB, DVI-D timing compatibility): 720x400 / 70 Hz, 85 Hz; VGA / 60 Hz, 72 Hz, 75 Hz, 85 Hz; SVGA / 60 Hz, 70 Hz, 75 Hz, 85 Hz; XGA / 60 Hz, 70 Hz, 75 Hz, 85 Hz; WXGA (1280x768) / 60 Hz; SXGA+ / 60 Hz, 70 Hz, 75 Hz; WUXGA+ / 60 Hz; UXGA / 60 Hz, 65 Hz, 75 Hz; QXGA / 60 Hz (reduced blanking)
VWCCC.REQ.024 (Auto detection): The system shall automatically search for the source that has an input signal after signal plug-in.
VWCCC.REQ.025 (Source Redundancy): The system should be able to switch to the secondary DVI input if the primary DVI input is not available, and should automatically switch back from the secondary DVI input to the primary as soon as the primary DVI input is available again.
VWCCC.REQ.026 (Video feature): 10-bit motion adaptive interlacing for HD and SD; detail enhancement (H, V peaking);
adaptive detail enhancement featuring sharpness and texture enhancement (STE); enhanced noise reduction with mosquito noise reduction (MNR) and block artifact reduction (BAR).
VWCCC.REQ.027 (Component Life, LED): > 80,000 hours
VWCCC.REQ.028 (LED Control): Dynamic control
VWCCC.REQ.029 (Startup): Instant hot restart
VWCCC.REQ.030 (Operating Temperature): The system shall operate properly between 5ºC and 50ºC.
VWCCC.REQ.031 (Storage Temperature): -10°C to +60°C
VWCCC.REQ.032 (Operating Relative Humidity): 10% to 90%

Video Wall Controller
VWC.REQ.001 (Display Controller): Controller to control the display modules in a matrix of 3 x 2, with outputs, video inputs and universal inputs, along with the necessary software.
VWC.REQ.002 (Processor): Single or dual quad-core Intel® Xeon 64-bit 2.0 GHz CPU
VWC.REQ.003 (RAM Capacity): Min 8 GB, upgradable up to 192 GB of 1333 DDR3 ECC registered memory
VWC.REQ.004 (Expansion Slots): 7 slots PCI-E 2.0
VWC.REQ.005 (HDD): Min 500 GB hard disk; support for up to 4 hard disks should be available; hard disk capacity should be upgradable
VWC.REQ.006 (RAID): RAID 0, 1, 5, 10 support (Windows)
VWC.REQ.007 (Networking): Dual-port Gigabit Ethernet controller inbuilt; support for add-on network adapters; support for optical fibre interface adapters
VWC.REQ.008 (Input/Output):
   Serial ATA supported
   * Six Serial ATA ports
   * Six SATA hard drives supported
   IDE
   * Single EIDE channel supports up to two UDMA IDE devices (IDE-M, IDE-S), including CF (Compact Flash) card
   * Supports UDMA Mode 5, PIO Mode 4 and ATA/100
   LAN
   * 2x RJ45 LAN ports
   * 1x RJ45 dedicated IPMI LAN port
   USB
   * 6x USB rear ports
   * 1x USB on-board
   * 2x USB internal headers (3 ports)
   * Total 10 USB 2.0 compliant
   VGA
   * 1x VGA port
   Keyboard / Mouse
   * PS/2 keyboard and mouse ports
   Serial Port / Header
   * 1 Fast UART 16550 serial port
UART 16550 serial header (Option) IEEE 1394a * 2x IEEE 1394a ports (1x header) VWC.REQ.009 Power Configurations * ACPI Power Management * Main Switch Override Mechanism * Wake-On-Ring (WOR) header Page 97 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 * Wake-On-LAN (WOL) header * Power-on mode for AC power recovery * Internal / External modem remote ring-on Video Wall Management Software VWS.REQ.001 Client & Server Should supports Multi client/Console control the Wall layouts based Architecture VWS.REQ.002 Scaling and display Software enable user to display, multiple sources up to any size and anywhere on the display wall. VWS.REQ.003 Controls Software should support to control the Brightness, Contrast, Saturation, Hue, filtering, Crop and Rotate function as per user requirement VWS.REQ.004 RS232, TCP/IP RS232 & TCP/IP support should be available for other interfaces VWS.REQ.005 Remote Control Wall can be control from Remote PC through LAN VWS.REQ.006 Auto Source Software should support for auto source detection Detection VWS.REQ.007 VWS.REQ.008 Layout Should support for Video, RGB, DVI, ,Internet Explorer, Desktop Management Application and Remote Desktop Monitoring Layouts Scenarios Software should able to Save and Load desktop layouts from Local or remote machines VWS.REQ.009 Layout Scheduler All the Layouts can be scheduled as per user convince. 
Software should support auto launch of Layouts according to specified time event by user VWS.REQ.010 Protocol VNC VWS.REQ.011 Interface LAN VWS.REQ.012 Resolution At least 4k x 2k VWS.REQ.013 Scaling and display Display of multiple sources up to any size, everywhere on the wall VWS.REQ.014 Console View Software enable user to select following view Primary Display Secondary Display Full Desktop Selected region Selected application Page 98 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 21. End-user systems 21.1 Desktop Sr. No. Item Requirement Description DTP.REQ.001 Model Offered To be provided by bidder DTP.REQ.002 Make Offered To be provided by bidder DTP.REQ.003 Mandatory OEM – ISO 9001 Manufacturer, Certified on supplied OS, DMI 2.0 compliance Certifications and support, Energy Star 5, UL certification, DTP.REQ.004 Processor Intel Core i3-2120, 3.3 GHz, 3 MB Cache and 1066 MHz FSB or higher. DTP.REQ.005 Chipset Intel H61 or better on Intel/OEM Motherboard DTP.REQ.006 Memory 4 GB 1066 MHz DDR3 RAM with 8 GB Expandability DTP.REQ.007 HDD 500 GB 7200 Serial ATA HDD or higher DTP.REQ.008 Monitor 47 cm (18.5 inch)or larger TFT/LED Digital Color Monitor TCO-05 certified. DTP.REQ.009 Bays 3 Nos. or above. DTP.REQ.010 Keyboard OEM Mechanical Keyboard with 104 keys DTP.REQ.011 Mouse Optical with USB interface. DTP.REQ.012 Optical Device DVD RW (Min. 16x) or higher DTP.REQ.013 Cabinet Micro ATX DTP.REQ.014 Ports 6 USB Ports (with at least 2 in front), 1 Serial audio port for microphone and headphone in front. DTP.REQ.015 Network Features 10/100/1000 on board integrated Network Port with remote booting facility remote system installation, remote wake up. 
DTP.REQ.016 Multimedia Integrated Audio and Graphic Controller DTP.REQ.017 Power ACPI (Advanced Configuration and Power Management Interface) Management DTP.REQ.018 Operating System Genuine latest Windows 7 professional SP1 (64 Bits) preloaded with Media and Documentation and Certificate of Authenticity DTP.REQ.019 Bilingual English and Bangla DTP.REQ.020 Office Suite Open office or better DTP.REQ.021 Antivirus Pre-installed & Norton/McAfee/ Kaspersky/trend micro /quick heal,, Internet security and Antivirus Software latest Version with 3 years subscription DTP.REQ.022 Warranty Period Page 99 | Specifications checklist Minimum 3 Years (Comprehensive Onsite) Establishing National Enterprise Architecture and Interoperability Framework January 2016 21.2 Laptops Sr. No. Item Requirement Description LAP.REQ.001 Make To be provided by bidder LAP.REQ.002 Model To be provided by bidder LAP.REQ.003 Processor At least Intel Core i3 - 2312M (Speed 2.1 Ghz; Dual Core, Cache Memory 3 MB) or better LAP.REQ.004 Chipset 6 series mobile chipset or better LAP.REQ.005 Memory 4 GB DDR3 LAP.REQ.006 Graphic Controller Integrated Graphics Controller LAP.REQ.007 Sound Controller Integrated Sound Controller with speakers (built-in) LAP.REQ.008 Network Gigabit Ethernet, Wireless LAN 802.11 b/g/n, Bluetooth LAP.REQ.009 Storage 320 GB or higher SATA HDD LAP.REQ.010 Optical Device Built in DVD - RW Drive (Dual layer) LAP.REQ.011 Ports 1 X USB 3.0 ports 2 X USB 2.0 ports 1 X VGA port HDMI/ DVP/ DP Audio in, Audio Out LAP.REQ.012 Display 11.1 or 14.1" LED (as per requirement) LAP.REQ.013 Power Management Advanced Power Management feature LAP.REQ.014 Keypad keypad with palm rest, touch pad with scroll/ track point LAP.REQ.015 Chassis Scratch resistant chassis LAP.REQ.016 Battery Backup Minimum 4 hours battery back up under standard working conditions using Lithium ion rechargable battery LAP.REQ.017 Accessories AC Power adaptor and good quality carry case LAP.REQ.018 OS Support Genuine latest 
Windows 7 professional SP1 (64 Bits) preloaded with Media and Documentation and Certificate of Authenticity LAP.REQ.019 Office Suite Open Office or better LAP.REQ.020 Bilingual English and Bangla LAP.REQ.021 Warranty Minimum 3 Years (Comprehensive Onsite) Page 100 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 21.3 Tablets S .No Item Minimum Specification required TAB.REQ.001 Make To be specified by the Bidder TAB.REQ.002 Model To be specified by the Bidder TAB.REQ.003 Basic features The handheld device shall have the capability to allow users to access app stores, emails and other mobility functionalities TAB.REQ.004 Ergonomic The device should be handy, lightweight (not more than 550 gms including battery) and small in size for ease of portability. The device should be very compact and reliable in design to make it immune to any type of vibrations and shocks in normal field activity. TAB.REQ.005 Interface At least one mini USB / USB interface to allow data sync TAB.REQ.006 Processor At least 1 Ghz, Quad Core TAB.REQ.007 OS Latest version available for Android or Windows or Apple OS TAB.REQ.008 RAM at least 1GB DDR 3 or better TAB.REQ.009 Internal Memory at least 16GB memory TAB.REQ.010 External Storage At least 32GB support (optional) TAB.REQ.011 Camera Primary camera should be at least 5 megapixel TAB.REQ.012 Display At least 7 inch TFT / LCD screen or better TAB.REQ.013 Internet connectivity At least Wifi 802.11 b/g/n, GPRS, Edge and 3G facility TAB.REQ.014 Power & Battery Battery should last at least 8 hours. The device should have lowbattery detection and automatic cutoff feature to avoid further drain of the battery. The device must come with an integrated intelligent fast charge capability that allows for full charge in 5 hours or better (preferable). 
The device should support AC and DC charging Battery Charging with provision for charging through USB interface as well TAB.REQ.015 Keyboard The Tablet must have an option to be integrated with a separate key board if required TAB.REQ.001 Display Minimum of 8 lines * 20 characters LCD / LED with backlight The Display should be LCD / LED with minimum 128X128 Pixels TAB.REQ.001 Clock Support to real time clock with the a minimum of 10 years battery back up TAB.REQ.001 Climatic conditions Device should be operational from 5o celcius to 50o celcius. Device should be water resistant and shock resistant. 5 % to 90% relative humidity, non condesending Page 101 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 TAB.REQ.001 Standards / Compliance Should support standards such as IEC – 529 – Degree of Protection provided by enclosures, IS : 12063 : 1987 – Classification of Degree of Protection provided by enclosures of electrical items, IS 9000: 1979 – Basic environmental testing procedure for electronic & electronic items, IEC – 1000 – Electromagnetic compatibility, IEC – 1000-4-2 : 1995 – Electrostatic discharge immunity test, IEC – 1000–4-3 : 195 – Radiated, radio – frequency electromagnetic field immunity test, Magnetic immunity test, CISPAR 22 – Limits and method of measurement of radio disturbance characteristics of information technology equipment. Device should be ROHS complaint. PCI PED Complaince. ISO8583/SDLC compliant. 3DES, AES, RSA, DUKPT Key Mangement. ISO7816 compliant TAB.REQ.001 Casing Device to be ergonomically designed and be provided with suitable holding strap for proper gripping and have a case to carry the device. TAB.REQ.001 Storage The device must be protected against a static discharge without loss of data. TAB.REQ.001 Drop Test Functional after drop from 3 feet on concrete floor TAB.REQ.001 Warranty Comprehensive on-site warranty for the contract period. 
Warranty to cover both hardware and software. TAB.REQ.001 Bilingual English and Bangla TAB.REQ.001 Access type Biomteric access to the device (preferably) TAB.REQ.001 Communication Should support GSM/GPRS for connecting to the MTS system for data mechanisms exchange Other networks: WiFi, TCP/IP TAB.REQ.001 Terminal Management Should be able to update the application on-air 21.4 UPS Sr. No. Item Requirement Description MFD.REQ.001 Model Offered To be provided by bidder MFD.REQ.002 Make Offered To be provided by bidder MFD.REQ.003 Capacity 1 KVA MFD.REQ.004 Input Range Voltage Range 155 – 280 V on Full Load Voltage Range 110 – 280 V on less than 70% Load MFD.REQ.005 Output Voltage & 230 +/- 1% Pure Sine Wave Waveform MFD.REQ.006 I/P & O/P Power Factor Page 102 | Specifications checklist 0.8 or higher power factor Establishing National Enterprise Architecture and Interoperability Framework January 2016 MFD.REQ.007 Mains & Battery Sealed Maintenance Free Battery, Mains & Battery with necessary indicators, alarms and protection with proper battery storage stand MFD.REQ.008 I/P & O/P Freq 50 Hz +/- 10%, 50Hz +/- 0.1%; MFD.REQ.009 Crest Factor min. 3:1 MFD.REQ.010 Third Harmonic < 3% Distribution MFD.REQ.011 Input Harmonic < 10% Level MFD.REQ.012 Overall Efficiency Min. 90% on Full Load; MFD.REQ.013 Noise Level < 55 db; MFD.REQ.014 Backup at least 120 minutes MFD.REQ.015 Warranty 3 years onsite comprehensive warranty UPS & battery MFD.REQ.016 Certification ISO 9001, 14001 & CE 21.5 Multi-function printers Sr. No. Item Requirement Description MFD.REQ.001 Model Offered To be provided by bidder MFD.REQ.002 Make Offered To be provided by bidder MFD.REQ.003 Print speed Up to 25 ppm (A4) MFD.REQ.004 Print Resolution Up to 600 x 600 dpi MFD.REQ.005 Duty cycle Up to 8000 pages (Monthly) MFD.REQ.006 Duplex print Yes option (A4) MFD.REQ.007 Features Print, Copy, Scan & Fax MFD.REQ.008 Network Enabled Yes (min 10/100 mbps) MFD.REQ.009 Energy Star Yes MFD.REQ.010 Standard Min. 
128 MB memory MFD.REQ.011 Processor Speed 500 MHz or higher MFD.REQ.012 Compatible Windows/ Linux OS operating systems MFD.REQ.013 Interface USB 2.0 or 3.0 as per requirement MFD.REQ.014 Accessories USB & power cable Page 103 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 MFD.REQ.015 Warranty Three years comprehensive onsite 21.6 Color Printers Sr. No. Item Requirement Description MFD.REQ.001 Model Offered To be provided by bidder MFD.REQ.002 Make Offered To be provided by bidder MFD.REQ.003 Print speed Up to 15 ppm (A4) MFD.REQ.004 Print Resolution Up to 600 x 600 dpi MFD.REQ.005 Monthly Duty Up to 50000 pages cycle MFD.REQ.006 Duplex print Yes option (A4) MFD.REQ.007 Media size A4, Legal, letter, envelope etc. MFD.REQ.008 Network Enabled Yes (min 10/100 mbps) MFD.REQ.009 Energy Star Yes MFD.REQ.010 Standard Min. 64 MB memory MFD.REQ.011 Interface USB 2.0 MFD.REQ.012 Compatible Windows/ Linux Operating System operating systems MFD.REQ.013 Accessories USB & power cable and driver CD for Linux and Windows MFD.REQ.014 Warranty Three years comprehensive onsite 21.7 Barcode printer Sr. No. 
Item Requirement Description BAS.REQ.001 Make To be provided by bidder BAS.REQ.002 Model To be provided by bidder BAS.REQ.003 Interface USB BAS.REQ.004 Resolution 203 dpi BAS.REQ.005 Print Speed 4 ips BAS.REQ.006 Printing Method Thermal transfer/ Direct thermal BAS.REQ.007 Graphics Handling PCX, BMP and others Page 104 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 BAS.REQ.008 Print Width Starting 25 mm BAS.REQ.009 Media type Roll stock, Fanfold, Tag stock BAS.REQ.010 Memory Minimum 2 MB flash and 4 Mb SDRAM BAS.REQ.011 OS Support Windows/ Linux BAS.REQ.012 Font Support 1D/ GS1 databar; 2D/ Composite codes; QR codes and true type fonts BAS.REQ.013 Accessories Stacker, cutter BAS.REQ.014 Warranty Three years onsite comprehensive 21.8 Barcode scanner Sr. No. Item Requirement Description BAP.REQ.001 Make To be provided by bidder BAP.REQ.002 Model To be provided by bidder BAP.REQ.003 Interface USB BAP.REQ.004 Scan/ Decode rate Minimum 200 per second BAP.REQ.005 Technology Imager BAP.REQ.006 Print Contrast 35% ratio BAP.REQ.007 Resolution 5 mil BAP.REQ.008 Bar Code Density/ 5 mil/ 9 cm and 13 mil/ 20 cm Depth of field BAP.REQ.009 Compatiility UPC- A/ UPC - E, EAN 13, JAN 13, CODBAR, ADD - ON - 2, ADD - ON - 5, CODE 93 and industrial codes, interleaved 2 of 5, EAN 128 BAP.REQ.010 Warranty Three years onsite comprehensive 21.9 Web camera Sr. No. 
Item Requirement Description CAM.REQ.001 Make To be provided by bidder CAM.REQ.002 Model To be provided by bidder CAM.REQ.003 Pixel Resolution 2 mega pixel CAM.REQ.004 Image Sensor CMOS CAM.REQ.005 Optical Zoom 2X (Minimum) CAM.REQ.006 Focus high speed, low light auto focus CAM.REQ.007 Cables USB cable Page 105 | Specifications checklist Establishing National Enterprise Architecture and Interoperability Framework January 2016 CAM.REQ.008 Power through USB CAM.REQ.009 Supported All leading Operating Systems such as Windows, Linux, Unix etc Operating System CAM.REQ.010 Warranty Page 106 | Specifications checklist Three years onsite comprehensive EY | Assurance | Tax | Transactions | Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. © 2015 EY LLP All Rights Reserved. This material has been prepared for general informational purposes only and