All bid deadlines are 11:59pm Pacific Time the date of the bid deadline listed unless otherwise noted.
· Before the listed deadlines, all Questions and Bids must be submitted using the on-line IFCB system. Bids submitted before the bid deadline outside of this system will be disqualified. If the system is down before the deadline, please email your bid to info@crwconsulting.com or fax it to 918.445.0049. Bids or questions submitted in this fashion will be disqualified if the on-line system is active at the time of submission. The applicant reserves the right to request and obtain bids outside of the website system if the bid deadline has passed and zero or one bid is received (the intent for this is to follow USAC guidance on obtaining cost-effective bids).
· For all requested services and/or products listed on this IFCB: proposals that include generic/encyclopedic price lists will be considered non-responsive and will be disqualified. SPAM and/or robotic responses will not be considered valid bid responses and will be disqualified from consideration.
· Bidder must agree to participate in USF Program (AKA “Cybersecurity Pilot Program”) for the corresponding funding year.
· Please include the correct Service Provider Identification Number (SPIN) on your bid.
· By submitting a bid, bidder certifies that the bidder does have a valid (non-red light status) SPIN for the Cybersecurity Pilot Program program at the time of submission. Should the Applicant discover that the bidder is on red light status, or if the FCC classifies the bidder as on red-light status before work is performed and invoices are paid, the contract will be null and void and the applicant will have no payment obligations to the bidder.
· Bidder is expected to provide the lowest corresponding price per Cybersecurity Pilot Program rules. See https://www.usac.org/e-rate/service-providers/step-2-responding-to-bids/lowest-corresponding-price/ for details.
· Contracts must not prohibit SPIN changes.
· Bidder must agree to provide the Applicant the choice of discount methods (SPI or BEAR).
· Bidder will be automatically disqualified if the District determines that the bidding company has offered any employee of the District any individual gift of more than $20 or gifts totaling more than $50 within a 12 month period. This does not apply to the recent FCC exemptions of the Gift Rule for the COVID pandemic.
· All contracts awarded will be contingent upon Cybersecurity Pilot Program funding and final board approval. The applicant may choose to do all or part of the project upon funding notification.
· All applicable fees, surcharges, and taxes must be identified on the bid. Cybersecurity Pilot Program rules require the applicants to evaluate the price of eligible goods and services that will be listed on the 471 application during the competitive bidding process. Fees and surcharges that apply but are not listed on the bid will be the responsibility of the bidding company, should their bid be awarded.
· For the software and hardware listed below, the applicant will accept bids for functionally equivalent equipment.
· DISQUALIFICATION FACTOR CPP: The applicant will not accept bids from manufacturers of equipment deemed a national security threat by the Federal Communications Commission. The list of prohibited equipment is available here: https://www.fcc.gov/supplychain/coveredlist. Vendors that submit bids that include these manufacturers will have their bids disqualified.
· DISQUALIFICATION FACTOR CPP: Vendors must complete and include the CPP Cover Page with their bid. Bids received without the cover page will be disqualified.
· DISQUALIFICATION FACTOR CPP: Service providers are required to bid an entire Project A, Project B or Project C. Bids for individual components of a single project, or bids that do not include all of the requested items for a single project will be disqualified.
· DISQUALIFICATION FACTOR CPP: It will be the bidder’s responsibility to provide documentation about the compatibility requirements listed in this IFCB. Vendors that submit bids without documentation demonstrating the required compatibility listed in this IFCB will have their bids disqualified, unless that vendor has bid the preferred make/model number listed.
UPDATE 6/3/25: The bid deadline has been extended to 7/1/25.
ASTEC Charter Schools is committed to providing a safe and secure learning environment where students can thrive academically without unnecessary distractions or security concerns. To achieve this, we are seeking solutions that enhance student protection through comprehensive training, threat recognition, and robust cybersecurity measures.
Our primary objective is to equip our staff and students with the tools and knowledge necessary to identify potential threats while implementing advanced content filtering and network security protocols. By minimizing distractions and preventing intrusions into our systems, we aim to create an environment where students can focus on their education without external disruptions.
We are looking for vendors who can provide effective solutions that align with our mission of fostering a secure and enriching learning experience. This may include cybersecurity training, content filtering services, and network protection strategies that ensure the integrity and safety of our digital infrastructure.
Through these enhancements, ASTEC Charter Schools will continue to uphold its commitment to excellence in education while prioritizing the safety and well-being of our students.
ASTEC is a school of around 1500 students and 125 employees. We are looking to implement or update our security and vulnerability protection with SentinelOne EDR for Anti-Malware, Anti-ransomware, Anti-spam, Anti-virus protection, and Duo MFA solutions on required computers, Cloud Monitoring, Content and Classroom Filtering utilizing ManagedMethods or Lightspeed Relay that works with Chromebooks under two separate Google accounts, one Google account for Chromebooks, and students under a different Google account, Ensure our Google Workspace environment is configured appropriately for the best security, Anti-Phishing training for our Students, Faculty, and Staff, make sure our network is secure with proper firewall configuration and intrusion prevention, as well as Vulnerability scans and Penetration testing solutions.
Project A: Endpoint Security & Threat Protection with 24/7 monitored Vigilance
• Deploy Anti-Malware, Anti-Ransomware, Anti-Spam, and Anti-Virus solutions
• Implement EDR (Endpoint Detection & Response) on required Computers and Servers (VM’s) with Windows Server
• Enforce Multi-Factor Authentication (MFA) across systems for all staff/admin network users
• Zero Trust Architecture
• Network Access Control
• Privileged Identity Access Management
• Cybersecurity & Threat Recognition for students, faculty, and staff
• Configure Google Workspace for optimal security
• Establish Proper Threat Recognition & Response System
Project B: Content and Classroom Filtering & Cloud Monitoring
• Deploy Cloud Monitoring for threat detection and response
• Implement Content and Classroom Filtering to protect students and ensure compliance with state and federal guidelines
• This solution must work with Chromebooks under one Google account and students under a different Google account
• Cloud Security & Google Workspace Hardening
• Configure Google Workspace for optimal security
Project C: Network Security & Infrastructure Protection
• Ensure Firewall Configuration & Intrusion Prevention
• Perform Vulnerability Scans & Penetration Testing
• Patching and Security Updates on Workstations and Servers
NOTE: All projects should include installation, configuration and activation options in the bid as individual line items. All qualified items that require licenses should include license numbers based on the number of students, faculty and staff as listed on the IFCB.
COMPATIBILITY REQUIREMENT
All equipment and software must be compatible with existing Google Workspace for Education Plus, Sentinel One EDR, DUO MFA, Barracuda threat recognition, Watchguard firewall.
DISQUALIFICATION FACTOR CPP: The applicant will not accept bids from manufacturers of equipment deemed a national security threat by the Federal Communications Commission. The list of prohibited equipment is available here: https://www.fcc.gov/supplychain/coveredlist. Vendors that submit bids that include these manufacturers will have their bids disqualified.
DISQUALIFICATION FACTOR CPP: Vendors must complete and include the CPP Cover Page with their bid. Bids received without the cover page will be disqualified.
DISQUALIFICATION FACTOR CPP: Service providers are required to bid an entire Project A, Project B and/or Project C. Vendors may bid one or all of the projects. However, bids for individual components of a single project, or bids that do not include all of the requested items for a single project will be disqualified.
DISQUALIFICATION FACTOR CPP: It will be the bidder’s responsibility to provide documentation about the compatibility requirements listed in this IFCB. Vendors that submit bids without documentation demonstrating the required compatibility listed in this IFCB will have their bids disqualified, unless that vendor has bid the preferred make/model number listed.
| ASTEC_CPP_COVER_PAGE.pdf |
| ASTEC_Basic_Network_Diagram.pdf |
Answer:
We have also added a network diagram to the IFCB
EPP/MDR: 1) How many users/devices/servers? ASTEC Currently has 1650 Students with all ChromeOS, 125 Faculty and Staff with mixture of ChromeOS, MacOS, and Windows OS.
Only 7 are currently managed and monitored with Duo and Sentinel
We have 7 servers in which 3 will be going away shortly
2) How would this be managed? In house Co-Managed 3rd Party remote, Unless onsite required
3) What (if any) other data sources would be ingested to this platform? Google Workspace shop
4) What (if any) ZTNA/MFA/VPN solutions are currently in use? Duo and Sentinel No VPN
5) What (if any) Web Applications are currently in use? Standard School Applications, PowerSchool, ConciergePad, Rave Panic Button, IP Phone System(Elevation), Avigilon Security and Camera System
6) What (if any) Cloud Service Providers are currently in use? Only 7 are currently managed and monitored with Duo and Sentinel
Lightspeed: • How many total devices will need to be protected with LightSpeed systems? Around 1700
For the firewall to size out we need the following questions answered but most important the bandwidth and vpn tunnels/users. Throughput • Total WAN Bandwidth We have 2 location with a 10 Gig AT&T Fiber coming into the Elementary and a 10 Gig WAN connecting the Elementary to the middle/High School facility
Average WAN Consumption (less than 5 GB): • Anticipated WAN growth over 3 years (10%): WAN Protection features to be included with new firewall) • SSL/TLS Decryption (Y)?: • Intrusion Prevention (Y)?: • Application Control (Some)?: • Anti-Malware Protection (Y)?: • Web Protection (Y)
What is your current peak period Firewall Sessions? 8:00am to 4:30pm Monday thru Friday
Any Seasonal changes to your traffic? Summer Slowdown Mid-May through first of August Total Number of Users? Listed Above
What (if any) NGFW Redundancy is required? TBD
If possible share a network diagram? Attached
Brand, and number of APs? 311 IP Endpoints
Brand and number of Switches? 35 Cisco
How many years of support? By State Guidelines we can do up to a 3 year contract, with a year to year renewal, with a justifiable opt out option
1) Can the Service be provided remote, Unless onsite required?
2) Are the Firewalls in an HA pair, or multiple stand alones? Vendor Managed WatchGuard
