{
  "docId": "019f6b8f-396d-7449-84da-64056786eb24",
  "docSlug": "jarvis-mckinsey-solicitation-state-of-new-jersey",
  "documentTitle": "mckinsey solicitation state of new jersey",
  "authorId": "mckinsey-solicitation-state-of-new-jersey",
  "authorName": null,
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": null,
  "aspectRatio": null,
  "pageNumber": 33,
  "pageCount": 50,
  "prevPage": 32,
  "nextPage": 34,
  "slideType": "appendix_disclosure",
  "function": "other",
  "density": "overcrowded",
  "nDataPoints": 0,
  "notes": "Page 26 of a larger document, likely a Request for Proposal (RFP) or contract.",
  "elementsJson": null,
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019f6b8f-396d-7449-84da-64056786eb24/33",
  "deckHref": "/decks/019f6b8f-396d-7449-84da-64056786eb24",
  "deckJsonHref": "/decks/019f6b8f-396d-7449-84da-64056786eb24.json",
  "deckAnchorHref": "/decks/019f6b8f-396d-7449-84da-64056786eb24#slide-33",
  "components": [
    {
      "bbox": {
        "h": 0.08,
        "w": 0.76,
        "x": 0.13,
        "y": 0.6
      },
      "kind": "list",
      "text": "For \"outsourced hosting services\", the Contractor must demonstrate the ability to not only secure the physical application infrastructure... but also control and secure physical access to the application hosting facilities.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "2474968a-775e-4003-914a-e7501f3d54ba",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.79,
        "x": 0.105,
        "y": 0.32
      },
      "kind": "list",
      "text": "Network Security: The Contractor shall maintain the Contractor's network security that – at a minimum – includes: network firewall provisioning, intrusion detection and prevention, vulnerability assessments and regular independent third party penetration testing.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "3345dd43-1b42-49d2-84b7-135dcdbf2af9",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.76,
        "x": 0.13,
        "y": 0.54
      },
      "kind": "list",
      "text": "The Contractor shall be subject to the same security and infrastructure review processes that are required by NJOIT and its partner Departments and Agencies.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "6aa6d287-a4c9-450d-b740-5fbd6b1251e0",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.76,
        "x": 0.13,
        "y": 0.78
      },
      "kind": "list",
      "text": "The Contractor shall provide a detailed system design document showing a Network Plan, Disaster Contingency Plan and Security Plan.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "dc35e1f4-4ae4-4605-817a-977363588955",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.76,
        "x": 0.13,
        "y": 0.69
      },
      "kind": "list",
      "text": "If the Contractor is not supplying \"dedicated\" hardware resources... the Contractor must demonstrate its strategy to maintain application and/or stack isolation using commercially available security devices.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f0be2310-ce9f-4f01-a8e9-7f6dcf48c5a3",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.76,
        "x": 0.13,
        "y": 0.4
      },
      "kind": "list",
      "text": "1. Current standards set forth and maintained by the National Institute of Standards and Technology (NIST)... 2. Any recognized comparable security standard that the Contractor then applies to its own infrastructure and is approved by the NJ Office of Information Technology (NJOIT).",
      "attrs": null,
      "subkind": "numbered",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "7d2a1000-e723-48e3-8830-52c3fcdf3cb2",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.79,
        "x": 0.105,
        "y": 0.19
      },
      "kind": "paragraph",
      "text": "Security clearance/background check for all Contractors and project staff must be obtained and provided to the State... Refer to the National Institute of Standards and Technology (NIST) Special Publication (SP) 300-12.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "7844bec2-1a0c-4fb5-ad43-40cd8cdc5f62",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.79,
        "x": 0.105,
        "y": 0.08
      },
      "kind": "paragraph",
      "text": "The Contractor and all project staff including its subcontractor(s) must complete and sign confidentiality and non-disclosure agreements provided by the State and require all staff to view yearly security awareness and confidentiality training modules provided by the Contractor.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "95baed97-5673-4785-b1b2-01c88c1fe15a",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.79,
        "x": 0.105,
        "y": 0.88
      },
      "kind": "paragraph",
      "text": "B. Application Security: The Contractor at a minimum shall run application vulnerability assessment scans during development and system testing. Vulnerabilities shall be remediated prior to production release.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f635602e-dca0-48fc-95fa-c657e20ff221",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.33,
        "x": 0.105,
        "y": 0.288
      },
      "kind": "title",
      "text": "5.6.2 SECURITY STANDARDS",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "aab2e1dc-d0f1-42f4-b73e-bd5886e9d76e",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 40,
      "from": 31,
      "beatId": "40758be9-b196-471b-8e88-59120d72d37c",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Evidence & Proof",
      "beatSlug": "consultants-gambit-evidence-proof",
      "evidence": "The document outlines the evaluation criteria and requirements for the proposal",
      "position": 3,
      "confidence": 0.8,
      "parentBeatName": "Evidence",
      "parentBeatSlug": "evidence"
    }
  ],
  "loops": [],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}