Addendum 1
RFP 10173 Electric System Study
ADDENDUM NO. 1
Description: RFP 10173 Electric System Study
To all prospective proposers under the contract documents described above, the following
changes/additions are hereby made and detailed in the following sections of this addendum:
Inclusion of Exhibit 1 - Fort Collins IT Technology Architecture & Environmental
Standards
Please contact JD McCune, Senior Buyer, at jmccune@fcgov.com with any questions regarding
this addendum.
RECEIPT OF THIS ADDENDUM MUST BE ACKNOWLEDGED BY A WRITTEN STATEMENT
ENCLOSED WITH THE RFP STATING THAT THIS ADDENDUM HAS BEEN RECEIVED.
Financial Services
Purchasing Division
215 N. Mason St. 2nd Floor
PO Box 580
Fort Collins, CO 80522
970.221.6775
970.221.6707
fcgov.com/purchasing
IT-01.06-STD Technology Environment Standards Page 1 of 6
WARNING! Print copies may reflect an out-of-date version. This document is uncontrolled when printed.
Information Technology
Technology Architecture & Environment Standards
Version 1.1 (2024-10-08)
Purpose
This document serves as a guide to the standard technology architecture and environment within the City
of Fort Collins. Its primary objective is to provide a clear, consistent framework for technology solution
providers, ensuring that all technology solutions align with our organization's established standards and
practices. This document aims to:
• Standardize technology implementations across the organization to enhance compatibility, security,
and efficiency, as well as reduce the support footprint.
• Facilitate effective communication with technology solution providers by clearly articulating our
technology requirements and expectations.
• Promote best practices in data handling, server technology, database technologies, authentication,
network standards, and end-user computing devices.
• Ensure that all technology solutions support the organization's strategic goals and comply with
regulatory and security requirements.
• Streamline the procurement process by providing a comprehensive reference for prospective
technology partners.
Scope
This standard applies to all Information and Communication Technology (ICT) that uses City funds, data,
information, or infrastructure, regardless of the method used to acquire; to include but not limited to,
technology offered at no cost.
Num: IT-01.06-STD
Owner: Technology Architecture Committee (TAC)
Master Location: MS Teams > IT Department > Documents > General > IT Policies, Standards, Guidelines
Effective date: 2024-10-03
Compliance date: 2024-10-03
Last reviewed: 2024-10-03
Next review: 2024-10-03
Exhibit 1
Standards
Hosted/SaaS Standards
• SaaS Application Residency - All datacenters for Hosted/SaaS applications and storage must reside
within the contiguous United States. City of Fort Collins data shall not be stored outside of the
United States.
• Data Ownership - All City of Fort Collins data used, input, updated or modified in the system is the
sole property of the City of Fort Collins and can be used by Fort Collins staff or designated agents for
official purposes.
• SaaS Data Access - Data hosted in cloud services must be accessible by standard web protocols such
as REST and SOAP APIs.
• SaaS SSO - All hosted/SaaS applications shall implement Single Sign On (SSO) using Azure Entra
AD SAML integration and shall support Multi-Factor Authentication.
Client/Endpoint Application Standards
• Java Runtime - Applications requiring Java Runtime Environments must use open source JDK/JRE,
either OpenJDK or Amazon Corretto.
• Dependent Components - Applications requiring frameworks or components (e.g. .NET) must utilize
the latest, fully vendor supported, patched, stable, and fully released versions.
• Software Deployment - Client software must be installed via Unified Endpoint Management (UEM)
tools.
• Limited Rights - Client software must not require elevated or administrative rights for a user to use.
Data Access and Availability Standards
• Open Records – All City data must be accessible and auditable on demand, to comply with city,
state, and federal requirements, such as the Colorado Open Records Act (CORA).
Accessibility Standards
Technologies must meet all city, state, and federal requirements for Accessibility.
Database Standards
• Database Platform - Preferred databases are Microsoft SQL Server Enterprise Edition in a virtualized
environment. Microsoft SQL Server versions not supported by Microsoft or versions near end of
support will not be permitted.
• DBMS Hosting (City hosted) - Databases and SQL instances may reside and operate on a virtual
server, reside and operate on a server shared with other SQL instances, or may require dedicated
server hardware. Vendors must specify the minimum and preferred database hardware and software
operating environment in their proposals.
• DBMS Service Isolation – Database engines must be isolated from applications, not running on the
same hardware as application services. Databases should run from shared database environments,
when possible.
• Database SysAdmin – The application, users, or services must not require SysAdmin level
permissions on the database instance to function.
• Database References – All database references must use an aliased DNS/CNAME. Static IP
Address(es) or hostnames alone shall not be required.
Alternative technical database environments (including Free, Express, and Lite versions) may be
proposed and will be considered on a case-by-case basis but are not guaranteed approval. No database
environments which are out of support will be permitted.
Server Standards
• Server Operating Systems - All servers will run fully supported versions of Windows Server or Red
Hat Linux. Versions not supported by Microsoft or Red Hat, OR versions near end of support will not
be permitted.
• Virtualization - The city’s virtualization architecture is the VMware vSphere environment. No other
virtualization platform is permitted.
• Physical Servers - Not permitted.
Alternative technical server environments may be proposed and will be considered on a case-by-case basis
but are not guaranteed approval for use in the city’s environment.
Containerization
All container technologies must fully integrate with VMware vSphere to ensure seamless management,
security, and operational consistency across our infrastructure.
Network Standards
• Wireless connectivity - Connectivity is designed to service within the physical footprint of network
connected city buildings. Connectivity outside of the building footprint is not guaranteed.
• Wireless Throughput – There is no guaranteed minimum bandwidth on the city’s wireless networks. If
minimum wireless bandwidth is required for a solution, that technology must be reviewed by TAC.
• Devices on Business Network - Only city owned and managed endpoints are to be added to the
business network (wired, wireless, or VPN).
• Use of Public Wi-Fi – While public Wi-Fi is generally available in network connected city buildings,
there is no guarantee of quality of service or availability. Business functions should not be dependent
on public, untrusted Wi-Fi.
• IoT Devices - IoT Devices require pre-authorization and are to be added to an isolated
VLAN from the business network. IoT devices will not utilize public, untrusted networks.
• Wi-Fi Security – All Wi-Fi connected devices must support a minimum of WPA2 and must encrypt all
data in transit. Only City-installed, managed, and owned wireless access points are allowed on the
business network; no unauthorized access points are allowed. The public wireless network shall be
separate from the business network. Public Wi-Fi will not have access to internal resources (printers,
drives, etc.).
Network Communication Standards
• IPv6 – All network connected hardware should support both IPv4 and IPv6.
• Ethernet Bandwidth – Ethernet connectivity is designed to support 1GB to all endpoints within
network connected buildings.
• In-Transit Encryption – City data in-transit should be encrypted across public networks or where
prescribed by applicable regulatory security standards. Minimum acceptable encryption standards are
to be TLS 1.2+ or IPSEC using IKEv2, AES-128 or higher encryption, SHA-256 or higher integrity
hashing, and Diffie-Hellman 14 or higher.
Data Storage Standards
• Data Residency - All datacenters for Hosted/SaaS applications and storage must reside within the
contiguous United States. City of Fort Collins data shall not be stored or processed outside of the
United States.
• Data Portability - All city owned data shall be accessible after contract/partnership end, shall not be
stored in a vendor proprietary format, and shall not require active licensing to read/access (Data
Hostage).
• Encryption-at-Rest – All data at rest shall be encrypted, with a minimum of AES-256.
• Data Retention – Technology must be able to store and purge data to align with the State of Colorado’s
Municipal Date Retention Schedule.
• Infrastructure Storage (On-Prem) – Technologies must utilize authorized, centrally managed storage
service(s).
• Environment Isolation – All environments (such as DEV, TEST, STAGE, PROD) shall be running
distinct instances using environment-unique service accounts, to prevent cross-environment
dependencies and data contamination.
• Data Integrity – The validity and consistency of data is foundational to trust in that data. Data storage
systems will ideally support transactional integrity with industry standard atomicity, consistency,
isolation, and durability capabilities. For systems such as NoSQL, Data Lake, and file store, data
redundancy and other means of data integrity checks/guarantees should be supported.
• Auditing – Data systems should allow for auditing of data interactions. While this may not be enabled
on all systems (depending on Data Sensitivity and other factors) the ability to log data interactions in
a secure manner should be a standard capability.
• Backup and Archive – Data systems should provide automated means of backup and retention of data.
If this is not included in the data system, it should be supported by included or already existing tools
such as Commvault.
Endpoint Standards
Client Endpoint
• Client Operating System - Windows 11 Professional
• Standard Web Browser - Google Chrome or Microsoft Edge.
• Standard Productivity Suite – Current Microsoft Office version. Not all employees/users will have an
installed version of MS Office; those users will be limited to Online versions.
• EDR/Virus - All Endpoints will have anti-virus protection, Endpoint Detection and Response (EDR),
and Asset/CMDB management software installed and always running.
• Client Endpoint Management – All clients must be managed by the city’s MDM/UEM solution.
Mobile Endpoint
• Standard Mobile Operating System - iOS
• Standard Mobile Device – Apple iPhone, iPad
• Mobile Endpoint Management – All clients must be managed by the city’s MDM/UEM solution.
Cybersecurity Standards
All technology should comply with NIST 800-53 standards.
• DNS Security - The city utilizes a Malicious Domain Blocking and Reporting (MDBR) service.
• Service Account Use – All Service Accounts must be configured in Active Directory, and not require
a local Service Account. Exceptions can be considered by TAC.
Tier Segregation Standards
All enterprise-class N-Tier applications should be architected with application tier segregation, ensuring
that each tier—such as presentation, business logic, and data—is isolated and independently managed.
Segregation needs are driven by system criticality.