Blade server

Standard id Standard Classification
BS.REQ.001 : The processor must have been released not more than 1 year before the date of purchase. Mandatory
BS.REQ.002 : As per application demand. Mandatory
BS.REQ.003 : Internal RAID Controller should support at least RAID 0, 1, 5, 10 Recommended
BS.REQ.004 : As per requirement. Mandatory
BS.REQ.005 : Comprehensive Warranty should be mentioned as per requirement. Recommended
BS.REQ.006 : As per requirement. Recommended
BS.REQ.007 : Half Height/Full Height (the form factor changes as the number of CPUs increases: a half-height blade supports 2 CPUs, whereas a full-height blade supports 4 physical CPUs. At any given point in time the blade chassis supports 8 full-height or 16 half-height blade servers). Recommended

Database server – rack mount

Standard id Standard Classification
DS.RKM.001 Servers offered should be highest-end enterprise class with the latest generation processors at the time of supply. However, proposed servers with 64-bit RISC/EPIC core processors should not be clocked at less than 3.30 GHz (RISC), 2.53 GHz for "Ultra SPARC64-VII" or 1.6 GHz for EPIC processors. Each server should be supplied with a minimum of 24 cores, upgradable to 128 cores in the same server.
The server proposed should be compatible with the Database Solution proposed by the Bidder for the period of contract.
Recommended
DS.RKM.002 Should support 64bit enterprise class Linux / UNIX, with HA & cluster functionalities. Recommended
DS.RKM.003 Minimum 24 MB cache (L3) per processor or higher Recommended
DS.RKM.004 Minimum of 8 GB RAM DDR-4 per core. Mandatory
DS.RKM.005 Minimum 3 x 300 GB latest generation SAS or minimum 2 X 480 GB SSD M.2 for operating system Mandatory
DS.RKM.006 Should have 2 NIC with 2 Ethernet Ports of 10 Gbps Recommended
DS.RKM.007 Fiber Channel Adapters minimum 2 dual ports 16 Gbps Recommended
DS.RKM.008 Redundant hot pluggable Power Supply and Fan Mandatory
DS.RKM.009 Logical or Physical Partitioning should be supported Recommended
DS.RKM.010 Server must have capability for minimum 4 Partitions to run Independent Enterprise OS Recommended
DS.RKM.011 Capable of dynamic movement of resources (CPU/ memory/ adapters) across partitions Recommended
DS.RKM.012 Should be provided with a GUI / browser based management console to take care of the partition management & configuration Recommended
DS.RKM.013 19” rack mountable with rack mounting accessories Recommended
DS.RKM.014 Must ensure no single point of failure for production environment and necessary components must be added to the solution accordingly to ensure that. Mandatory
DS.RKM.015 The proposed server should have ability to use spare processors which would dynamically kick in when any active processors fail. Recommended
DS.RKM.016 Should support a shared architecture wherein CPU, Memory and I/O can be shared between the different partitions, be it virtual partitions or logical partitions. Recommended
DS.RKM.017 If partitioning is used then servers should have similar number of partitions and every partition on one server should be clustered with respective partition (with equal amount of Processor Cores, Memory & I/O per partition) on the other server. Recommended
DS.RKM.018 The proposed partitioning mechanism should have flexibility of assigning resources like CPU, and Memory to a unit level granularity to each individual partition. The server should have the configured capability to assign dedicated resources to partitions. Recommended
DS.RKM.019 At any given point, CPU utilization should not exceed 65 percent (during peak and non-peak hours). Recommended
DS.RKM.020 Critical components such as CPU, memory and HDD in the server should be hot pluggable to ensure availability even during hardware failure. Recommended
DS.RKM.021 The database should have the capability to be deployed in an active-active clustered environment. The database should be available even when one of the servers / instances fails. The users should be able to work without interruptions. Mandatory
DS.RKM.022 Depending on server hardware architecture, all standard OS should be supported including MS Windows, RHEL, SLES, OEL, Oracle Solaris, AIX. Recommended
DS.RKM.023 The system should be under warranty for minimum 3 years along with support service. Mandatory
DS.RKM.024 The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

General purpose rack server

Standard id Standard Classification
WDS.REQ.001 19" rack server with rack mounting accessories Recommended
WDS.REQ.002 Latest generation Intel / AMD series Processor Recommended
WDS.REQ.003 Minimum 24 GB RAM DDR-4 with required scalability Recommended
WDS.REQ.004 Minimum 3 x 300 GB latest generation SAS or minimum 2 X 480 GB SSD M.2 for operating system
If external storage is not used then additional storage capacity should be considered according to requirement.
Recommended
WDS.REQ.005 RAID Controller with minimum 512 MB Cache & should support RAID levels minimum 0, 1, 10, 5 & 6 Recommended
WDS.REQ.006 Should have 2 NIC with 2 Ethernet Ports of 10 Gbps Mandatory
WDS.REQ.007 Fiber Channel Adapters minimum 2 dual ports 16 Gbps Recommended
WDS.REQ.008 Hot Swappable Redundant power supply & fan Mandatory
WDS.REQ.009 Depending on server hardware architecture, all standard OS should be supported including MS Windows, RHEL, SLES, OEL, Oracle Solaris, AIX. Recommended
WDS.REQ.010 Server should have integrated remote management feature Mandatory
WDS.REQ.011 The system must be compliant with FCC Class A, VCCI Class A, IEC/EN 61000-3-2, IEC/EN 61000-3-3, EN55022, EN55024, ETSI EN300 386, UL/CSA/IEC/EN 60950-1, RoHS etc. Mandatory
WDS.REQ.012 The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory
WDS.REQ.013 The system should be under warranty for minimum 3 years along with support service. Mandatory

Blade chassis

Standard id Standard Classification
BLD.CHS.001 Single blade Chassis/enclosure should accommodate minimum 14 mixed (half and full height) blade servers Recommended
BLD.CHS.002 Support heterogeneous environment: AMD, Intel CPU blades, RISC/EPIC blades must be in same chassis with scope to run Windows Server, Red Hat Linux, Suse Linux / 64 Bit UNIX or other standard open source OS. Recommended
BLD.CHS.003 Chassis should have a highly reliable mid plane for providing connectivity of the shared resources to the compute nodes in a highly reliable manner Mandatory
BLD.CHS.004 Each enclosure should be configured with redundant Ethernet modules with required number of 10Gbps ports for uplink and downlink. The Ethernet module should be manageable using 1Gbps management port. Mandatory
BLD.CHS.005 The blade enclosure should be configured with a redundant Fibre Channel module that has internal fabric connectivity with all the blades and a minimum of 6 uplink ports of minimum 16 Gbps each to consolidate the FC uplinks to upstream SAN switches. This module should also provide virtual WWNs to the servers so that servers can be assigned rapidly. Recommended
BLD.CHS.006 Hot swappable redundant cooling unit must be supported. Mandatory
BLD.CHS.007 Hot swappable redundant power unit must be supported. Mandatory
BLD.CHS.008 Should support Hot Pluggable & fully Redundant Management Modules Mandatory
BLD.CHS.009 The system should be under warranty for minimum 3 years along with support service. Mandatory
BLD.CHS.010 The system should have integrated remote management feature Mandatory
BLD.CHS.011 Must have the ability to automatically trigger events and alerts based on performance issues or thresholds set. Recommended
BLD.CHS.012 The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Unified storage system

Standard id Standard Classification
USS.REQ.001 The Storage system should have unified capability i.e. should support block and file access with host connectivity for FC, iSCSI, CIFS and NFS. Mandatory
USS.REQ.002 The NAS/Gateway/File serving node should be purpose built appliance and should not be windows based or running on General purpose simple OS or a simple SMB / NFS configured file server. Recommended
USS.REQ.003 The system should be dedicated appliance with specifically optimized OS to provide both SAN and NAS functionalities. The architecture should allow modular upgrades of hardware and software for investment protection. The system should be suitably configured for achieving enhanced performance and throughput. Recommended
USS.REQ.004 The storage system must have dual controllers & file system heads with automatic failover capabilities in case of one controller or head failure. The storage should be installed in the OEM Rack to be supplied. Mandatory
USS.REQ.005 Highly available internal configuration with redundancy features and no single point of failure. The system should have memory / cache of 16 GB or more across the controllers for block level. Mandatory
USS.REQ.006 The storage system should have auto-negotiating 2 / 4 / 8 Gbps FC, 1 GbE and 10 GbE interfaces and licenses for NFS, CIFS, FC and iSCSI protocols. The Storage System should support Raid Levels 0, 5, 6, 10 or equivalent data protections. Multiple raid configurations to be configured in the proposed solution. Recommended
USS.REQ.007 The proposed System must be populated with the following ports. For file-based (NAS) functionality, the solution should be configured with minimum of 4 (or more) x10GigE (Optical 10G Base SR). For Block-based (SAN) functionality, the solution should be configured with 4 (or more) X 8Gbps FC and 2 (or more) X 10G iSCSI. Mandatory
USS.REQ.008 The Storage System should have support for SSD, SAS Drives, NL SAS Drives. The storage system should have support for 6Gbps SAS 2.0 drives. There should not be any legacy 3Gbps technologies used in the entire storage architecture. Proposed system must be able to support all on-line data storage tiers in order to maximize both system performance and capacity scalability. Proposed system should support flash, 10K RPM SAS 2.0, 15K RPM SAS 2.0 as well as 7.2K RPM drives. Recommended
USS.REQ.009 The storage system is to be supplied with at least 100 TB of usable disk space (binary), scalable up to 150 TB, after RAID 6 (in 6+2 configuration) and other overheads like formatting, RAID configuration, one hot spare disk for every 25 disks, and configured with SATA / NL SAS drives for file level access using 4 Tb disks and necessary disk enclosures. Recommended
USS.REQ.010 The storage system is to be supplied with 800 GB SSD storage with not less than 4 Drives. The storage system is also to be supplied with 60 TB of usable disk space (binary) after RAID 6 (in 6+2) and other overheads like formatting, RAID configuration, one hot spare disk for every 15 disks, and configured with 300GB and 15K RPM SAS 2.0 drives and necessary disk enclosures. All the drives must be in addition to the drives used to hold the system’s OS. Recommended
USS.REQ.011 The Storage System should have the capability to support Non-Disruptive Data migration across Volumes. The Storage System Should be configured with host multi-pathing drivers. Recommended
USS.REQ.012 The storage array should support at least 1000 disk drives. No replacement or upgrade of controllers should be required for supporting the 200 disks. It must be a single or tightly clustered singly managed system rather than aggregate of multiple separate smaller boxes. Recommended
USS.REQ.013 The storage should have the ability to create logical volumes without physical capacity being available (Thin Provisioned) or in other words system should allow Over provisioning of the capacity. The feature should be made available for the maximum supported capacity. Recommended
USS.REQ.014 For file access it should be possible to set quotas at a user, group or file set level, and the system should have Microsoft Active Directory and LDAP integration. Support for heterogeneous client operating system platforms (on both block and file level) like Linux, Microsoft Windows, HP-UX, SUN Solaris, IBM-AIX, ESXi, etc. Recommended
USS.REQ.015 The Storage System should have the capability to support creation of instantaneous or point-in-time snapshot copies of volumes. The snapshot feature should support incremental and thin provisioned volumes. The snapshot feature needs to support at least 90 snapshot copies. Recommended
USS.REQ.016 The solution should support virtual infrastructure (like VMware / Hyper-V etc). Should have capabilities for booting VMs from the SAN. Should be supplied with virtualization aware APIs for provisioning and managing the storage array from the virtual infrastructure. Need to discuss Recommended
USS.REQ.017 The solution should support movement of data between different disk tiers based on predefined policies (i.e. storage tiering). Licensing should be provided. The Storage System shall support Synchronous & Asynchronous Replication for DR Strategy. Recommended
USS.REQ.018 Easy to use GUI based and web enabled administration interface for configuration, managing and administration of file & block storage and associated functionalities including deployment, automation, provisioning, protection and monitoring management. The solution should offer real time performance monitoring tools giving information on CPU utilization, volume throughput, I/O rate and latency. Mandatory
USS.REQ.019 The Storage box should be connected to the servers through SAN switches in High Available Configuration. (Specifications of the SAN switch enclosed). All necessary cables for connecting the storage with switches are to be supplied. Mandatory
USS.REQ.020 Solution should be provided with full NDMP functionality and license or equivalent. Solution should be fully compatible with all standard backup software. There must be redundant 1 Gbps LAN ports / equivalent mechanism for management. The storage shall support all standard SAN & NAS security features. Recommended
USS.REQ.021 The system should not be an end of life / end of service product. Mandatory
USS.REQ.022 Updates and upgrades for minimum three years should be factored Mandatory

SAN storage

Standard id Standard Classification
SAN.REQ.001 : As per requirements Recommended
SAN.REQ.002 : 8 Gbps or higher (to begin with 8 Gbps; can be increased up to 32 Gbps or more) Recommended
SAN.REQ.003 : Rack mountable Mandatory
SAN.REQ.004 : Disk speed should be minimum 10 Krpm Recommended
SAN.REQ.005 : As per requirements Recommended
SAN.REQ.006 : The Storage system must have Hot swap disks Mandatory
SAN.REQ.007 : The Storage system must have On-line capacity Expansion capability Mandatory
SAN.REQ.008 : The Storage system must have H/W based RAID controller Mandatory
SAN.REQ.009 : The Storage system must have Hot swappable controller Mandatory
SAN.REQ.010 : The Storage system must have RAID protection against double failure in RAID Group Mandatory
SAN.REQ.011 : The Storage system must have Data and control cache swappable Mandatory
SAN.REQ.012 : The Storage system must have Non disruptive on-line firmware upgrade Mandatory
SAN.REQ.013 : The Storage system must have Hot swappable power supply Mandatory
SAN.REQ.014 : The Storage system should have (N+1) redundant power supply Recommended
SAN.REQ.015 : The Storage system should have Hot swappable cooling fans Recommended
SAN.REQ.016 : The Storage system should have (N+1) hot swappable cooling fans Recommended
SAN.REQ.017 : The Storage system must have FC protocol Mandatory
SAN.REQ.018 : Fabric Management Software shall be provided Mandatory
SAN.REQ.019 : The Storage system should have minimum 2 connections from a server to a SAN Switch Recommended
SAN.REQ.020 : Minimum RAID 6 should be implemented Recommended
SAN.REQ.021 : The proposed product/service must not reach end of support during the currency of contract. Mandatory
SAN.REQ.022 : The system must not be an end of life / end of service product. Mandatory

Tape Library

Standard id Standard Classification
TL.REQ.001 Offered Tape Library should have modular design to allow configuration, addition of capacity to increase performance. Offered virtual tape Library shall be scalable to at least four numbers of Front-end heads / Nodes. Tape library shall be configured with minimum 50 number of data cartridges, 1 bar code label pack, cleaning cartridge etc. Recommended
TL.REQ.002 Offered Disk library should be offered with minimum of 60 TB of usable space scalable to more than 500 TB of usable space in Raid 5/6 if required by adding additional heads/nodes. Recommended
TL.REQ.003 Each front-end head / Node of Virtual Tape Library should have the ability to configure at least 16 tape Libraries, at least 100 or more tape drives & at least 2000 Cartridge slots. The Virtual Tape Library should be scalable to minimum of 64 Tape Libraries, minimum 400 Tape drives and minimum 8000 cartridge slots. Recommended
TL.REQ.004 Offered Tape library Solution shall have capability to deliver selective restore from disk Library itself. Recommended
TL.REQ.005 The Tape Library must be compatible with the proposed Storage Solution infrastructure including the SAN Storage, SAN Switch etc. Mandatory
TL.REQ.006 The Tape Library must be compatible with all the leading backup software products. Mandatory
TL.REQ.007 The Tape Library should have the ability to flexibly emulate the most commonly used tape drive/ tape formats like LTO-Gen3, LTO-Gen4, LTO-Gen5 etc. Recommended
TL.REQ.008 Each Offered tape Library head / node should have minimum of 2 x 4Gbps fiber Channel connections to SAN switches. Recommended
TL.REQ.009 Fault tolerance in the offered tape library should be achieved by redundancy technology like RAID 5/6. Recommended
TL.REQ.010 Offered Tape Library shall offer inbuilt Hardware Data compression, without performance degradation. Recommended
TL.REQ.011 Offered Virtual tape library shall support throughput of minimum 1TB/hr and shall be scalable to 10TB per hour by adding more capacity and front-end heads / Nodes. Recommended
TL.REQ.012 The system must not be an end of life / end of service product. Mandatory
TL.REQ.013 Updates and upgrades for minimum three years should be factored Recommended

SAN switch

Standard id Standard Classification
SAN.REQ.001 : Full fabric architecture Mandatory
SAN.REQ.002 : Rack Mountable 1 U Mandatory
SAN.REQ.003 : Must support D_Port (ClearLink Diagnostic Port), E_Port, EX_Port, F_Port, AE_Port at least Mandatory
SAN.REQ.004 : Must support frame based ISL trunking Mandatory
SAN.REQ.005 : User must choose number of interfaces they require to connect the storage controllers and servers. As a minimum it is recommended to have 24 ports switch and activate license for the required number of ports. User must ask for minimum 16G preferably 32G Fiber Channel ports. Mandatory
SAN.REQ.006 : Aggregate bandwidth requirement has to be calculated and mentioned according to the number of ports and speeds of ports asked. However it is recommended to ask at least 1.5 Tbps. Mandatory
SAN.REQ.007 : Latency for locally switched ports has to be less than 700 ns and latency between port groups has to be within 2.6 µs Mandatory
SAN.REQ.008 : Must have dynamic buffer sharing capabilities Mandatory
SAN.REQ.009 : Switch should support following features at least:
Advanced zoning
Fabric Performance Impact Notification (FPIN)
Port Decommission/Fencing
Virtual Fabrics (Logical Switch, Logical Fabric)
Congestion Signaling
Dynamic Path Selection (DPS)
Integrated Routing
Registered State Change Notification (RSCN)
Target-Driven Zoning
Buffer to Buffer Credit Recovery
Extended Fabrics
Mandatory
SAN.REQ.010 : The switch must support compression and encryption. Mandatory
SAN.REQ.011 : DH-CHAP (between switches and end devices), FCAP switch authentication; HTTPS, IP filtering, Port Binding, Switch Binding, etc. Mandatory
SAN.REQ.012 : Redundant Power Supply and Fan Module Mandatory
SAN.REQ.013 : Switch shall have support for both CLI and web based management. Also must have RESTful API to manage and configure the switch. Mandatory
SAN.REQ.014 : The switch must support LDAP, RADIUS, TACACS+ for user authentication and must also have Role-Based Access Control (RBAC) for the users. Mandatory
SAN.REQ.015 : The switch must support Secure Copy (SCP), Secure Syslog, SFTP, SSH v2, SSL protocols, NTPv3. Mandatory
SAN.REQ.016 : The switch must be compatible with storage products of popular storage vendors/OEM Mandatory
SAN.REQ.017 : The switch should have facility for firmware download, support save, and configuration upload/download. Mandatory
SAN.REQ.018 : EN 55032 (Class A), FCC Part 15, Subpart B (Class A), EN 61000-3-2, EN 61000-3-3, EN/IEC 60950-1, RoHS, VCCI, INCITS Fiber Channel and Storage Management standards, RFC 4338, RFC 2837, SNIA Storage Management Initiative Specification, etc. Mandatory
SAN.REQ.019 : The system should be under warranty for minimum 3 years along with support service. Mandatory
SAN.REQ.020 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Core switch

Standard id Standard Classification
CSW.REQ.001 : The device must be 19" rack mountable Mandatory
CSW.REQ.002 : The device must be available in either AC or DC power system as required.
In case of AC power please mention:
[The operating voltage range of the device must support at least between 180V to 260V]
In case of DC power:
[The operating voltage range of the device must support at least between -40V to -72V]
Mandatory
CSW.REQ.003 : Must have Redundant & hot swappable Power Supply Units (PSUs). Mandatory
CSW.REQ.004 : Must have redundant & hot swappable fans. Mandatory
CSW.REQ.005 : Must have redundant processor. Mandatory
CSW.REQ.006 : Support Redundancy for processors in switching over, to allow the standby processor to immediately take over Mandatory
CSW.REQ.007 : All components must be hot swappable with zero disruption to traffic forwarding (Unicast or multicast). Mandatory
CSW.REQ.008 : Must be modular in architecture Mandatory
CSW.REQ.009 : For high availability & performance must have redundant supervisory/service engine or processing unit Mandatory
CSW.REQ.010 : Chassis Switching Fabric Must be capable of delivering required bandwidth per I/O slot. Mandatory
CSW.REQ.011 : Must support port channeling or port grouping or equivalent across multiple chassis. Mandatory
CSW.REQ.012 : Physical standards for Network Device Should support Ethernet (IEEE 802.3, 10BASE-T), Fast Ethernet (IEEE 802.3u, 100BASE-TX), Gigabit Ethernet (IEEE 802.3z, 802.3ab), Ten Gigabit Ethernet (IEEE 802.3ae), 40/100 Gigabit Ethernet (IEEE 802.3ba, IEEE 802.3bg, IEEE 802.3bm) Mandatory
CSW.REQ.013 : Software based standards for Network Device Must support
IEEE 802.1d - Spanning-Tree Protocol,
IEEE 802.1w - Rapid Spanning Tree,
IEEE 802.1s - Multiple Spanning Tree Protocol,
IEEE 802.1q - VLAN encapsulation,
IEEE 802.3ad - Link Aggregation Control Protocol (LACP),
IEEE 802.1ab - Link Layer Discovery Protocol (LLDP),
IEEE 802.3x Flow Control
Mandatory
CSW.REQ.014 : Must support auto-sensing and auto-negotiation like Link Speed/Duplex Mandatory
CSW.REQ.015 : Should support Bidirectional Forwarding Detection (BFD) Mandatory
CSW.REQ.016 : Routing protocol support; Static IP routing, OSPF, BGPv4, MP-BGP, BGP Route Mandatory
CSW.REQ.017 : The network infrastructure must allow for multiple equal metric/cost routes to be utilized at the same time Mandatory
CSW.REQ.018 : The switch must support multi-chassis clustering technology and/or multi-chassis link aggregation group (MLAG) and/or stacking of multi-chassis switch to act as one switch for scalability and high availability. Mandatory
CSW.REQ.019 : Must have the ability to complete software upgrades with zero interruption to services or data forwarding Mandatory
CSW.REQ.020 : Should support 802.1 Q-in-Q Mandatory
CSW.REQ.021 : IEEE 802.3ad Link Aggregation or equivalent capabilities Mandatory
CSW.REQ.022 : Must support IPv6 and supported IPv6 feature should include at least IPv6 Static routing, OSPFv3, DHCPv6, ICMPv6, IPv6 QoS, IPv6 Multicast support, IPv6 PIMv2 Sparse Mode, IPv6 PIMv2 Source-Specific Multicast Mandatory
CSW.REQ.023 : The switch should support dual stack also should have the ability to tunnel IPv6 within IPv4. Mandatory
CSW.REQ.024 : Device must support multicast in hardware Mandatory
CSW.REQ.025 : The switch must support IEEE 802.1 QBR/ 802.1 BR standard to support scalability and extension of switching fabric to additional ports if required outside chassis. Mandatory
CSW.REQ.026 : The system must allow extending Layer 2 applications across distributed data centers Mandatory
CSW.REQ.027 : Must support multiple privilege levels for remote access Mandatory
CSW.REQ.028 : Must support AAA, Remote Authentication Dial-In User Service (RADIUS) and/or Terminal Access Controller Access Control System Plus (TACACS+) Mandatory
CSW.REQ.029 : Must support IEEE 802.1p class-of-service (CoS) prioritization Mandatory
CSW.REQ.030 : Must support rate limiting (to configurable levels) based on source/destination IP/MAC, L4 TCP/UDP Mandatory
CSW.REQ.031 : Must have the ability to complete traffic shaping to configurable levels based on source/destination IP/MAC and Layer 4 (TCP/UDP) protocols Mandatory
CSW.REQ.032 : There should not be any impact to performance or data forwarding when QoS features Mandatory
CSW.REQ.033 : Must support a "Priority" queuing mechanism to guarantee delivery of highest-priority (broadcast critical/delay-sensitive traffic) packets ahead of all other traffic Mandatory
CSW.REQ.034 : Must support ability to trust the QoS markings received on an ingress port Mandatory
CSW.REQ.035 : The switch must support creation of overlay network and have support for BGP-EVPN, VXLAN, QinQ etc. The switch should also have virtualization capability to make one switch into multiple virtual switch. Mandatory
CSW.REQ.036 : Must support SNMP V3 and has to be at least MIB-II compliant Mandatory
CSW.REQ.037 : Must support SNMP traps for alarms/alerts transportation Mandatory
CSW.REQ.038 : Network switch should support Remote Monitoring on every port covering features Mandatory
CSW.REQ.039 : Must be able to integrate with all standard Network Management Systems, features Mandatory
CSW.REQ.040 : Should support flow based traffic analysis features and the ability to features Mandatory
CSW.REQ.041 : Must support Network Time Protocol (NTPv3) Mandatory
CSW.REQ.042 : Depending on the actual requirement and future growth, line cards/interface modules have to be selected by the user. There shall be two major categories of interfaces, for uplink devices and downlink devices. It is recommended to choose 40Gbps or above for Uplink and at least 10/25Gbps for downlink. The core switch downlink must connect to Server Farm switches (TOR & EOR or Spine & Leaf) or Aggregation switch, not to the servers/host devices directly. Requirement has to be defined accordingly. Also the required number of optical modules has to be mentioned with their corresponding types (e.g. multimode/single mode, SR/LR/ZR/others, distance etc.) Mandatory
CSW.REQ.043 : User must mention the switching capacity requirement. Switching capacity has to be calculated based on the following formula:
Switching Capacity = No. of Ports*Rate of each port*2

e.g. a switch with 24*10Gbps and 2*40Gbps ports will have following switching capacity:

Switching Capacity/Bandwidth = (24*10 Gbps*2) + (2*40Gbps*2)
= 480 Gbps+ 160 Gbps
= 640 Gbps
Mandatory
CSW.REQ.044 : User must mention the Forwarding rate requirement. Forwarding rate has to be calculated based on the following formula:
Considering Gigabit interface forwarding rate = 1.488 Mpps
Forwarding Rate = Port Numbers * Port Speed in Mbps/1000 * 1.488 Mpps

e.g. a switch with 24*10Gbps and 2*40Gbps ports will have following forwarding rate:

Forwarding rate = (24*10000/1000*1.488) + (2*40000/1000*1.488) Mpps
= 357.12 + 119.04 Mpps
= 476.16 Mpps
Mandatory
CSW.REQ.045 : Capacity for minimum 192K MAC address entries Mandatory
CSW.REQ.046 : Must support jumbo frame of size 9198 bytes Mandatory
CSW.REQ.047 : Must support minimum 4000 VLANs Mandatory
CSW.REQ.048 : Switch must support VRRP, VRF, MPLS, Policy based routing, ACL, DSCP etc. Mandatory
CSW.REQ.049 : Must have following security features:
Spanning Tree Port Fast
Root Guard
Storm control (multicast and broadcast)
Link-level flow control (IEEE 802.3x)
Should support CPU defense
DoS attack defense
ARP attack defense, and
ICMP attack defense
MACsec in accordance with IEEE 802.1AE
Mandatory
CSW.REQ.050 : FCC Class A, VCCI Class A, IEC/EN 61000-3-2, IEC/EN 61000-3-3, EN55022, EN55024, ETSI EN300 386, UL/CSA/IEC/EN 60950-1, RoHS etc. Mandatory
CSW.REQ.051 : The system should be under warranty for minimum 3 years along with support service. Mandatory
CSW.REQ.052 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Aggregation switch

Standard id Standard Classification
AS.REQ.001 : Must be modular in architecture with redundant processor and service engine/supervisory engine Mandatory
AS.REQ.002 : User must mention the switching capacity requirement. Switching capacity has to be calculated based on the following formula:
Switching Capacity = No. of Ports*Rate of each port*2

e.g. a switch with 24*10Gbps and 2*40Gbps ports will have following switching capacity:

Switching Capacity = (24*10 Gbps*2) + (2*40Gbps*2)
= 480 Gbps+ 160 Gbps
= 640 Gbps
Mandatory
AS.REQ.003 : User must mention the Forwarding rate requirement. Forwarding rate has to be calculated based on the following formula:
Considering Gigabit interface forwarding rate = 1.488 Mpps
Forwarding Rate = Port Numbers * Port Speed in Mbps/1000 * 1.488 Mpps

e.g. a switch with 24*10Gbps and 2*40Gbps ports will have following forwarding rate:

Forwarding rate = (24*10000/1000*1.488) + (2*40000/1000*1.488) Mpps
= 357.12 + 119.04 Mpps
= 476.16 Mpps
Mandatory
AS.REQ.004 : Physical standards for Network Device Should support Ethernet (IEEE 802.3, 10BASE-T), Fast Ethernet (IEEE 802.3u, 100BASE-TX), Gigabit Ethernet (IEEE 802.3z, 802.3ab), Ten Gigabit Ethernet (IEEE 802.3ae), 40/100 Gigabit Ethernet (IEEE 802.3ba, IEEE 802.3bg, IEEE 802.3bm) Mandatory
AS.REQ.005 : Depending on the actual requirement and future growth, interface modules have to be chosen by the user. It is recommended to choose 10Gbps or above for Uplink and 1/10Gbps for downlink as required. Also the required number of optical modules has to be mentioned with their corresponding types (e.g. multimode/single mode, SR/LR/ZR, distance etc.) for optical ports. Mandatory
AS.REQ.006 : Non-blocking switch architecture Mandatory
AS.REQ.007 : 802.3ad based standard port/link aggregation, Jumbo frames, storm control Mandatory
AS.REQ.008 : Support at least 4000 VLAN and 64,000 MAC Address Features Mandatory
AS.REQ.009 : Software based standards for Network Device Must support
IEEE 802.1d - Spanning-Tree Protocol,
IEEE 802.1w - Rapid Spanning Tree,
IEEE 802.1s - Multiple Spanning Tree Protocol,
IEEE 802.1q - VLAN encapsulation,
IEEE 802.3ad - Link Aggregation Control Protocol (LACP),
IEEE 802.1ab - Link Layer Discovery Protocol (LLDP),
IEEE 802.3x Flow Control
Mandatory
AS.REQ.010 : Must support AAA, Remote Authentication Dial-In User Service (RADIUS) and/or Terminal Access Controller Access Control System Plus (TACACS+) Mandatory
AS.REQ.011 : MAC Address filtering based on source and destination address Mandatory
AS.REQ.012 : Support for various ACLs like port based, vlan based and L2- L4 ACL's Mandatory
AS.REQ.013 : Layer3 routing protocols like Static, Inter VLAN routing, OSPFv4, RIPng Mandatory
AS.REQ.014 : Minimum 8 number of hardware queues per port Mandatory
AS.REQ.015 : DSCP, 802.1p Mandatory
AS.REQ.016 : IGMP v1,v2,v3, IGMP snooping, PIM SM/DM, MLD Mandatory
AS.REQ.017 : SNMP v3, RMON/RMON-II enabled, SSH, telnet, GUI, Web management and should have out of Band Management port Mandatory
AS.REQ.018 : Switch should support port mirroring feature for monitoring network traffic of a particular port/VLAN. Mandatory
AS.REQ.019 : Switch should support Link Aggregation on two different switches Mandatory
AS.REQ.020 : Built-in real-time performance monitoring capabilities Mandatory
AS.REQ.021 : Switch should have internal Hot Swappable redundant Power Supply Mandatory
AS.REQ.022 : Should have redundant cooling FANS Mandatory
AS.REQ.023 : Support consolidating IP, Storage, FC and traditional Ethernet protocols into single media Mandatory
AS.REQ.024 : Must have following security features:
Spanning Tree Port Fast
Root Guard
Storm control (multicast and broadcast)
Link-level flow control (IEEE 802.3x)
Should support CPU defense
DoS attack defense
ARP attack defense, and
ICMP attack defense
MACsec in accordance with IEEE 802.1AE
Mandatory
AS.REQ.025 : The switch should be IPv6 compliant Mandatory
AS.REQ.026 : FCC Class A, VCCI Class A, IEC/EN 61000-3-2, IEC/EN 61000-3-3, EN55022, EN55024, ETSI EN300 386, UL/CSA/IEC/EN 60950-1, RoHS etc. Mandatory
AS.REQ.027 : The system should be under warranty for minimum 3 years along with support service. Mandatory
AS.REQ.028 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Access Switch

Standard id Standard Classification
MAS.REQ.001 : User must choose type of access switch depending on the purpose of use (e.g. Access switch for LAN, Access switch for Data Center, Access switch for WLAN, Access switch for IoT devices etc.) Mandatory
MAS.REQ.002 : Must be Stackable switch Mandatory
MAS.REQ.003 : Rack mountable maximum 1U Mandatory
MAS.REQ.004 : User must mention type of interfaces and quantity as required for their purpose of use. Depending on the interface type of the end devices which will be connected to the switch, interface type has to be chosen. However, it is recommended to use minimum 1 Gigabit Ethernet ports (copper or optical) with required number of 10 Gbps uplink ports to be connected to the aggregation switch. For WLAN, the ports have to be POE+ to connect to the Wireless Access Points or devices that consume power from the access switch. Mandatory
MAS.REQ.005 : For industrial edge devices (e.g. IoT devices, camera etc.) it is recommended to choose a switch having at least the following features:
Hardened to be durable against shock, surge, electrical noise and vibration
Must be durable in outdoor environments
Must be functional in temperature like -40°C to 70°C
Must support IEEE 1588v2 Precision Timing Protocol (PTP)
Must support 802.1X security standards
Must support ERPS ring for quick failover
Other requirements have to be adjusted accordingly, since not all general access switch features are required for industrial switches.
Recommended
MAS.REQ.006 : Switch should support link aggregation across multiple switches in a stack. Mandatory
MAS.REQ.007 : Switch should have non-blocking wire-speed architecture. Mandatory
MAS.REQ.008 : Switch should support IPv4 and IPv6 Mandatory
MAS.REQ.009 : User must mention the switching capacity requirement. Switching capacity has to be calculated based on the following formula:
Switching Capacity = No. of Ports*Rate of each port*2

e.g. a switch with 24*10Gbps and 2*40Gbps ports will have following switching capacity:

Switching Capacity = (24*10 Gbps*2) + (2*40Gbps*2)
= 480 Gbps+ 160 Gbps
= 640 Gbps
Mandatory
MAS.REQ.010 : User must mention the Forwarding rate requirement. Forwarding rate has to be calculated based on the following formula:
Considering Gigabit interface forwarding rate = 1.488 Mpps
Forwarding Rate = Port Numbers * Port Speed in Mbps/1000 * 1.488 Mpps

e.g. a switch with 24*10Gbps and 2*40Gbps ports will have following forwarding rate:

Forwarding rate = (24*10000/1000*1.488) + (2*40000/1000*1.488) Mpps
= 357.12 + 119.04 Mpps
= 476.16 Mpps
Mandatory
MAS.REQ.011 : IEEE 802.1Q VLAN tagging. Mandatory
MAS.REQ.012 : 802.1Q VLAN on all ports with support for minimum 1024 VLAN Mandatory
MAS.REQ.013 : Support for minimum 16k MAC addresses Mandatory
MAS.REQ.014 : Spanning Tree Protocol as per IEEE 802.1d Mandatory
MAS.REQ.015 : Multiple Spanning-Tree Protocol as per IEEE 802.1s Mandatory
MAS.REQ.016 : Rapid Spanning-Tree Protocol as per IEEE 802.1w Mandatory
MAS.REQ.017 : Self-learning of unicast & multicast MAC addresses and associated VLANs Mandatory
MAS.REQ.018 : Jumbo frames up to 9000 bytes Mandatory
MAS.REQ.019 : Link Aggregation Control Protocol (LACP) as per IEEE 802.3ad. Mandatory
MAS.REQ.020 : Port mirroring functionality for measurements using a network analyzer. Mandatory
MAS.REQ.021 : Switch should support IGMP v1/v2/v3 as well as IGMP v1/v2/v3 snooping. Mandatory
MAS.REQ.022 : Switch should support classification and scheduling as per IEEE 802.1P on all ports. Mandatory
MAS.REQ.023 : Switch should support four queues per port. Mandatory
MAS.REQ.024 : Switch should support QoS configuration on per switch port basis. Mandatory
MAS.REQ.025 : Switch should support classification and marking based on IP Type of Service (TOS) and DSCP. Mandatory
MAS.REQ.026 : Switch should provide traffic shaping and rate limiting features (for egress as well as ingress traffic) for specified Host, network, Applications etc. Mandatory
MAS.REQ.027 : Strict priority queuing guarantees that the highest-priority packets are serviced ahead of all other traffic. Mandatory
MAS.REQ.028 : Switch should support MAC address based filters / access control lists (ACLs) on all switch ports. Mandatory
MAS.REQ.029 : Switch should support Port as well as VLAN based Filters / ACLs. Mandatory
MAS.REQ.030 : Switch should support RADIUS and TACACS+ for access restriction and authentication. Mandatory
MAS.REQ.031 : Secure Shell (SSH) Protocol, HTTP and DoS protection Mandatory
MAS.REQ.032 : IP Route Filtering, ARP spoofing, DHCP snooping etc. Mandatory
MAS.REQ.033 : Should support DHCP snooping, DHCP Option 82, Dynamic ARP Inspection (DAI) Mandatory
MAS.REQ.034 : Should support a mechanism to shut down Spanning Tree Protocol Port Fast-enabled interfaces when BPDUs are received to avoid accidental topology loops. Mandatory
MAS.REQ.035 : Should support a mechanism to prevent edge devices not in the network administrator's control from becoming Spanning Tree Protocol root nodes. Mandatory
MAS.REQ.036 : Switch should support static ARP, Proxy ARP, UDP forwarding and IP source guard. Mandatory
MAS.REQ.037 : Switch should have a console port with RS-232 Interface for configuration and diagnostic purposes. Mandatory
MAS.REQ.038 : Switch should be SNMP manageable with support for SNMP Version 3. Mandatory
MAS.REQ.039 : Switch should support all the standard MIBs (MIB-I & II). Mandatory
MAS.REQ.040 : Switch should support TELNET and SSH Version-2 for Command Line Management. Mandatory
MAS.REQ.041 : Switch should support 4 groups of embedded RMON (history, statistics, alarm and events). Mandatory
MAS.REQ.042 : Switch should support system and event logging functions as well as forwarding of these logs to multiple syslog servers. Mandatory
MAS.REQ.043 : Switch should support on-line software reconfiguration to implement changes without rebooting. Any changes in the configuration of switches related to Layer-2 & 3 functions, VLAN, STP, Security, QoS should not require rebooting of the switch. Mandatory
MAS.REQ.044 : Support for Automatic Quality of Service for easy configuration of QoS features for critical applications. Mandatory
MAS.REQ.045 : Support for Unidirectional Link Detection Protocol (UDLD) to detect and disable unidirectional links caused by incorrect fiber-optic wiring or port faults on fiber-optic interfaces Mandatory
MAS.REQ.046 : Switch should have comprehensive debugging features required for software & hardware fault diagnosis. Mandatory
MAS.REQ.047 : Layer 2/Layer 3 traceroute, or an equivalent feature supporting IEEE 802.1ag and IEEE 802.3ah, to ease troubleshooting by identifying the physical path that a packet takes from source to destination. Mandatory
MAS.REQ.048 : Should support DHCP Server feature to enable a convenient deployment option for the assignment of IP addresses in networks that do Mandatory
MAS.REQ.049 : Not have without a dedicated DHCP server. Mandatory
MAS.REQ.050 : Switch should support Multiple privilege levels to provide different levels of access. Mandatory
MAS.REQ.051 : Switch should support NTP (Network Time Protocol) Mandatory
MAS.REQ.052 : Switch should support FTP/ TFTP Mandatory
MAS.REQ.053 : FCC Class A, VCCI Class A, IEC/EN 61000-3-2, IEC/EN 61000-3-3, EN55022, EN55024, ETSI EN300 386, UL/CSA/IEC/EN 60950-1, RoHS etc. Mandatory
MAS.REQ.054 : The system should be under warranty for minimum 3 years along with support service. Mandatory
MAS.REQ.055 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Load balancer

Standard id Standard Classification
LB.REQ.001 : The proposed load balancer should have the capability to be configured as the SSL/TLS termination point for HTTPS requests. Mandatory
LB.REQ.002 : The proposed load balancer should have the capability to be configured to cache the static content that it receives from origin or backend servers in its process memory. Mandatory
LB.REQ.003 : The proposed load balancer should have the capability to be configured to compress data received from servers in the back end and forward the compressed content to the requesting clients. Mandatory
LB.REQ.004 : The proposed load balancer should have the capability to be configured to limit the number of concurrent connections to a server in the back end. Mandatory
LB.REQ.005 : The proposed load balancer should support L4, L7 & DDoS mitigation in both layers Mandatory
LB.REQ.006 : The proposed load balancer should have the capability to limit the number of concurrent connections to clients and the maximum speed at which data can be transferred to clients. Mandatory
LB.REQ.007 : The proposed load balancer should have the capability to limit the rate of requests from specific clients and request types. Mandatory
LB.REQ.009 : The proposed load balancer should have the capability of Local and Remote logging support Mandatory
LB.REQ.010 : The system should be under warranty for minimum 3 years along with support service. Mandatory
LB.REQ.011 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Virtualization

Standard id Standard Classification
VIRT.REQ.001 Virtualization software shall provide a Virtualization layer that sits directly on the bare metal server hardware with no dependence on a general purpose OS for greater reliability and security Mandatory
VIRT.REQ.002 Virtualization software shall integrate with NAS, FC, FCoE and iSCSI SAN and infrastructure from leading vendors leveraging high performance shared storage to centralize virtual machine file storage for greater manageability, flexibility and availability. Mandatory
VIRT.REQ.003 Virtualization software shall allow heterogeneous support for guest Operating systems like Windows client, Windows Server, Linux (different versions of standard OS like Red Hat, SUSE, Oracle Linux, Ubuntu, CentOS, Solaris x86) Mandatory
VIRT.REQ.004 Virtualization software should have storage defining capability according to requirement, which will enable rapid and intelligent deployment & placement of virtual machines based on SLA, availability, performance or other requirements and provided storage capabilities. Mandatory
VIRT.REQ.005 Virtualization software shall be able to dynamically allocate and balance computing capacity across collections of hardware resources aggregated into one unified resource pool with optional control over movement of virtual machines like restricting VMs to run on selected physical hosts. Mandatory
VIRT.REQ.006 Virtualization software should support connecting smart card readers to multiple virtual machines, which can then be used for smart card authentication to virtual machines. Mandatory
VIRT.REQ.007 Virtualization software should provide smart virtual machine disk placement and load balancing mechanisms based on I/O and space capacity which will help decrease operational effort associated with the provisioning of virtual machines and the monitoring of the storage environment. Mandatory
VIRT.REQ.008 Virtualization software should have the provision to provide zero downtime, zero data loss and continuous availability for the applications running in virtual machines in the event of physical host failure, without the cost and complexity of traditional hardware or software clustering solutions. Mandatory
VIRT.REQ.009 It should provide QoS capabilities for storage I/O in the form of I/O shares and limits that are enforced across all virtual machines accessing a storage, regardless of which host they are running on. Use Storage I/O Control to ensure that the most important virtual machines get adequate I/O resources even in times of congestion. The feature should be available for FC, iSCSI and NFS storage datastores. Mandatory
VIRT.REQ.010 Virtualization software should provide network traffic-management controls to allow flexible partitioning of physical NIC bandwidth between different network-traffic types and allow user-defined network resource pools, enabling multi-tenancy deployment, and to bridge virtual and physical infrastructure QoS with per resource pool 802.1 tagging. Mandatory
VIRT.REQ.011 Allow virtual machines to directly access physical network and storage I/O devices enhancing CPU efficiency in handling workloads that require constant and frequent access to I/O devices. Mandatory
VIRT.REQ.012 The virtualization software should provide Simple and cost effective backup and recovery for virtual machines which should allow admins to back up virtual machine data to disk without the need of agents and this backup solution should have built-in variable length de-duplication capability. Mandatory
VIRT.REQ.013 The virtualization software should provide in-built Replication capability which will enable efficient array-agnostic replication of virtual machine data over the LAN or WAN. This Replication should simplify management enabling replication at the virtual machine level and enabling RPOs as low as 15 minutes. Mandatory
VIRT.REQ.014 The solution should support enforcing security for virtual machines at the Ethernet layer. Disallow promiscuous mode, sniffing of network traffic, MAC address changes, and forged source MAC transmits. Mandatory
VIRT.REQ.015 It should include proactive smart alerts with self-learning performance analytics capabilities Mandatory
VIRT.REQ.016 The solution should provide a framework that will enable the virtualization and management of local Flash-based devices on the physical host providing increase in read performance. This Flash Read Cache technology will enable the pooling of multiple Flash-based devices into a single consumable file system Mandatory
VIRT.REQ.017 The solution should provide in-built enhanced host-level packet capture tool which will provide functionalities like SPAN, RSPAN, ERSPAN and will capture traffic at uplink, virtual switch port and virtual nic level. It should also be able to capture dropped packets and trace the path of a packet with time stamp details Mandatory
VIRT.REQ.018 The solution should provide a “Latency Sensitivity” setting in a VM that can be tuned to help reduce virtual machine latency. When the Latency sensitivity is set to high the hypervisor will try to reduce latency in the virtual machine by reserving memory, dedicating CPU cores and disabling network features that are prone to high latency. Mandatory
VIRT.REQ.019 The management software should provide means to perform quick, as-needed deployment of additional hypervisor hosts. This automatic deployment should be able to push out update images, eliminating patching and the need to schedule patch windows. Mandatory
VIRT.REQ.020 Virtualization management software console shall provide Interactive topology maps to visualize the relationships between physical servers, virtual machines, networks and storage. Also generate automated notifications and alerts, and can trigger automated workflows to remedy and pre-empt problems. Mandatory
VIRT.REQ.021 Should provide integration of 3rd party endpoint security to secure the virtual machines with offloaded antivirus and antimalware solutions without the need for agents inside the virtual machines. Mandatory
VIRT.REQ.022 Support OEM to be able to provide direct support. Mandatory
VIRT.REQ.023 Virtualization Management Software should have been in the Gartner's Magic Quadrant for at least the last 3 years. Mandatory
VIRT.REQ.024 The system should be under warranty for minimum 3 years along with support service. Mandatory
VIRT.REQ.025 The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

General

Standard id Standard Classification
EMS.GEN.001 The Enterprise Management System (EMS) should be able to manage all enterprise resources with a solution that encompasses the heterogeneous networks, systems, applications, desktops and databases present in the system. It should have the capability to consolidate all the information to one console with a support for providing a Web interface. Recommended
EMS.GEN.002 The system should be from same OEM for seamless integration as well as OEM products should be recognized by industry analysts like Gartner\Forrester\IDC. Recommended
EMS.GEN.003 The discovery services in the EMS should discover systems, network devices and the topology. This capability should allow for a complete inventory of all visible IT resources. The inventory scanning process should be able to discover any custom IT resources, such as interface applications. Recommended
EMS.GEN.004 The system should be inclusive with hardware, OS, patches, etc. and should have compatibility to standard RDBMS. Recommended
EMS.GEN.005 The system should provide for future scalability of the whole system without major architectural changes. Recommended
EMS.GEN.006 The system should provide fault and performance management for multi-vendor TCP/IP networks. Recommended
EMS.GEN.007 The system should be a fully integrated system with all modules tightly integrated with each other. Recommended

User Interface

Standard id Standard Classification
EMS.UI.001 The EMS should provide a Graphical User Interface which is user-friendly to depict all the IT infrastructure and applications, making IT management much more intuitive. The EMS should offer a Web browser interface. The Web browser interface should enable management of IT resources via Internet or Intranet access. Recommended

Event Management

Standard id Standard Classification
EMS.EM.001 The EMS should offer a solution to the problem of managing exception events. It should correlate and filter events from different types of IT resources, and pinpoint the root cause of a problem. Recommended
EMS.EM.002 This event manager should also permit integrating custom applications with the EMS. It should be used to integrate not only management applications, but also general business applications to make them easier to manage. Recommended
EMS.EM.003 With event filtering and correlation, multi-level managers and agents, automatic corrective measure, the EMS should provide comprehensive event management capabilities. It should eliminate the clutter of spurious alarms and simplify the management of complex IT infrastructure. It should help to notify through cell phone and email, of various/selective events occurring in the enterprise. Recommended

Software Distribution

Standard id Standard Classification
EMS.SD.001 The software distribution function should provide flexible and scalable delivery, installation, and configuration of software. Recommended
EMS.SD.002 The software distribution should support customizable distribution schedules, alternate methods, heterogeneous network protocols, diverse operating systems and both push and pull distribution modes. Recommended
EMS.SD.003 Compression should be supported while distributing the software across WAN. Furthermore, its integration with the event management functions of the EMS should provide complete tracking, logging, and automated correction of failures during the delivery and installation process. In addition, its integration with the security functions of the EMS should enable administrators to deliver software with peace of mind. Recommended
EMS.SD.004 It should be possible to store images of the servers and desktops and restore images from the image server. Recommended

Network Management

Standard id Standard Classification
EMS.NM.001 The Network Management function should monitor performance across heterogeneous networks from one end of the enterprise to the other. Recommended
EMS.NM.002 It should proactively analyze problems to improve network performance. The Network Management function should have extensive reporting facility, providing the ability to format and present data in a graphical and tabular display. Recommended
EMS.NM.003 The Network Management function should collect and analyze the data. Once collected, it should automatically store data gathered by the NMS system in a database. This enterprise-wide data should be easily accessed from a central location and used to help with capacity planning, reporting and analysis. Recommended
EMS.NM.004 The Network Management function should provide information on performance of Ethernet segments, including capacity utilization and error statistics for the segment and the top-contributing hosts, WAN links and routers. Recommended
EMS.NM.005 Alerts should be shown on the Event Management map when thresholds are exceeded and should subsequently be able to inform Network Operations Center (NOC) and notify concerned authority using different methods such as pagers, emails, etc. It should be able to automatically generate a notification in the event of a link failure to ensure proper handling of link related issues. Recommended

Server Management

Standard id Standard Classification
EMS.SM.001 Processors: Each processor in the system should be monitored for CPU utilization. Current utilization should be compared against user-specified warning and critical thresholds. Recommended
EMS.SM.002 File Systems: Each file system should be monitored for the amount of file system space used, which is compared to user-defined warning and critical thresholds. Recommended
EMS.SM.003 Log Files: Logs should be monitored to detect faults in the operating system, the communication subsystem, and in applications. The function should also analyze the files residing on the host for specified string patterns. Recommended
EMS.SM.004 System Processes: The System Management function should provide real-time collection of data from all system processes. This should identify whether or not an important process has stopped unexpectedly. Critical processes should be automatically restarted using the System Management function. Recommended
EMS.SM.005 Memory: The System Management function should monitor memory utilization and available swap space. Recommended
EMS.SM.006 Event Log: User-defined events in the security, system, and application event logs should be monitored. Recommended

Reporting

Standard id Standard Classification
EMS.REP.001 The Reporting and Analysis tool should provide a ready-to-use view into the wealth of data gathered by Management system and service management tools. It should consolidate data from all the relevant modules and transform it into easily accessible business-relevant information. This information should be presented in a variety of graphical formats that can be viewed interactively (slice, dice, drill down, drill through). Recommended
EMS.REP.002 The tool should allow customers to explore the real-time data in a variety of methods and patterns, and then produce reports to analyze the associated business and service affecting issues. The presentation of reports should be in an easy to analyze graphical form, enabling the administrator to put up easily summarized reports to the management for quick action (Customizable Reports). Recommended
EMS.REP.003 The software should be capable of supporting the needs to custom make some of the reports as per the needs of the organization. Provide Historical Data Analysis: The software should be able to provide a time snapshot of the required information as well as the period analysis of the same in order to help in projecting the demand for bandwidth in the future. Recommended

Service Level Management

Standard id Standard Classification
EMS.SLM.001 The system should provide a detailed service dashboard view indicating the health of each of the departments / offices in the organization and the health of the services they rely on as well as the SLAs. Recommended
EMS.SLM.002 The system should provide an outage summary that gives a high level health indication for each service as well as the details and root cause of any outage. Recommended
EMS.SLM.003 The system should be capable of managing IT resources in terms of the business services they support, specify and monitor service obligations, and associate users/Departments/ Organizations with the services they rely on and related Service/Operational Level Agreements. Recommended
EMS.SLM.004 The Service Level Agreements (SLAs) definition facility should support defining a set of one or more services that specify the Service obligations stipulated in an SLA contract for a particular time period (weekly, monthly, and so on). Recommended
EMS.SLM.005 SLA violation alarms should be generated to notify whenever an agreement is violated or is in danger of being violated. Recommended
EMS.SLM.006 The system should provide the capability to designate planned maintenance periods for services and take into consideration maintenance periods defined at the IT resources level. In addition the capability to exempt any service outage from impacting an SLA should be available. Recommended
EMS.SLM.007 The reports regarding SLA should include one that monitors service availability (including Mean Time to Repair (MTTR), Mean Time between Failure (MTBF), and Maximum Outage Time thresholds) and the other that monitors service transaction response time. Recommended
EMS.SLM.008 The system should provide a historical reporting facility that should allow for the generation of on-demand and scheduled reports of Service related metrics with capabilities for customization of the report presentation. Recommended
EMS.SLM.009 The system should provide for defining service policies; policies like Service Condition High\Low Sensitivity and Port Status High\Low Sensitivity should be provided out of the box. Recommended
EMS.SLM.010 The system should display option on Services, Customer, SLAs, SLA templates. The customer definition option should allow associating a service or an SLA with a customer. Recommended

Helpdesk Management

Standard id Standard Classification
EMS.HM.001 The helpdesk management system should provide flexibility of logging, viewing, updating and closing incident manually via web interface. The web interface console would also offer power-users tips. Recommended
EMS.HM.002 The system should support ITIL processes like request management, problem management, configuration management, change order management, etc. with out-of-the-box templates for various ITIL service support processes. Each incident should be able to associate multiple activity logs entries via manual update or automatic update from other enterprise management tools. Recommended
EMS.HM.003 The system should be able to provide flexibility of incident assignment based on the workload, category, location etc. Recommended
EMS.HM.004 Each escalation policy should allow easy definition on multiple escalation levels and notification to different personnel via window GUI/console with no programming. Recommended
EMS.HM.005 The knowledge tools solution of the system should provide grouping access on different security knowledge articles for different group of users. Recommended
EMS.HM.006 The system should have an updateable knowledge base for technical analysis and further help end-users to search solutions for previously solved issues. Recommended
EMS.HM.007 The system should support tracking of SLA (service level agreements) for call requests within the help desk through service types. Recommended
EMS.HM.008 The system should be capable of assigning call requests to technical staff manually as well as automatically based on predefined rules, and should support notification and escalation over email, web etc. Recommended
EMS.HM.009 The system should integrate tightly with the Knowledge tools and CMDB and should be accessible from the same login window. Recommended
EMS.HM.010 The system should allow the IT team to see the CI relationships in pictorial format, with a specified number of relationships on single window. The system should also have a built-in workflow engine. The system should also support non-linear workflows with decision based branching and the ability to perform parallel processing. It should also have a graphical workflow designer with drag and drop feature for workflow creation and updates. The proposed helpdesk solution should have an integrated CMDB for better configuration management and change management process. Recommended
EMS.HM.011 It should support remote management for end-user and allow analysts to do the desktop sharing for any system located anywhere, just connected to internet. Remote desktop sharing in Service desk tool should be agent less and all activity should be automatically logged into the service desk ticket. Recommended
EMS.HM.012 It should allow IT team to create solutions and make them available on the end-user login window for the most common requests. Recommended

Data Center Infrastructure Management (DCIM)

Standard id Standard Classification
EMS.DCIM.001 The system should have Site Management Tools to Track and report the health of facility infrastructure and provide information on power, cooling and environmental conditions such as:
Power & Energy (kW, kWh)
Electrical parameters (A, V, kVA, PF, Hz etc.)
Temperature
Humidity
Air flow
Leak detection
Recommended
EMS.DCIM.002 The system should provide customizable notification and threshold validation functions that will allow focus on active alarms requiring immediate action. Recommended
EMS.DCIM.003 The system should have power system management tools to:
Provide a comprehensive view of the data center power system from power source (service entrance) to cabinet power distribution.
Represent Power distribution with actual single-line diagram of the facility to allow data center managers to visualize the operating state of all the devices as well as associated dependencies.
Measure power consumption at device level (Servers, network, storage & cooling devices)
Measure (not estimate) power consumption of servers using soft-metering technique (through IPMI/SNMP based polling of the devices).
Recommended
EMS.DCIM.004 The system should have energy efficiency tools with the following functionalities:
Visibility into the energy consumption and operating efficiencies within the data center should be provided in a unified dashboard.
Historical and current condition tracking should be provided along with historical efficiency metrics (PUE and DCiE).
Measurement of PUE at 3 levels (L1=UPS output, L2=PDU output and L3=IT device level) as per The Green Grid (TGG) recommendation
Energy consumption dashboards should provide real world information, such as kW/hours.
Recommended
EMS.DCIM.005 The system should have inventory management tools to accomplish the following functionalities:
Detailed collection and tracking of all the inventory items placed in the data center, including auto-discovery of all SNMP-enabled devices.
Visibility into the physical location and consumed/available capacity (power, cooling, weight and space) needs to be provided.
Recommended
EMS.DCIM.006 The system should have change planning tools to accomplish the following functionalities:
Provide the ability to plan, assign, execute, and audit changes within the data center.
Reports provided specific to changes within the data center, allowing impact determination before capital expenditures are made.
Provide functionality for proposed changes to be compared to capacity planning system(s) and ensure no shortfall of resources (power, cooling, space, etc.) can occur.
Recommended
EMS.DCIM.007 The system should have the ability to provision interfaces to the following physical infrastructure components:
Service entrance metering
UPS System(s)
Generator System(s)
CRAC units
PDUs (Central or Rack based)
Automatic Transfer Switches (ATS) system(s)
Recommended
EMS.DCIM.008 The system should have the ability to capture the following alarms and functions:
Power alarms
Air Conditioning Unit(s) Common Alarm
UPS System(s) Common Alarm
VESDA Alarms
Water Detection System
Generator Alarms (Generator running, Common alarm, Low fuel)
ATS Components
Outdoor air temperature/humidity sensor
Server inlet/outlet temperatures
Recommended
EMS.DCIM.009 The system should include a comprehensive OEM library of manufacturers and models of equipment/devices in Data Center with following characteristics:
Include manufacturers’ specifications of all physical infrastructure and IT devices including power-related, dimension and other relevant attributes
Library should be updated once per quarter and cover any new models procured by the Data Center
Ability to use this library for updating asset database and for capacity planning
Recommended
EMS.DCIM.010 The system should have the following search capabilities:
Ability to search and filter to locate an asset
Ability to export search results
Ability to limit search criteria - begins with, contains, ends with, or is equal to
Ability to combine search criteria
Ability to search and locate for a cabinet and U position for an item to be reserved or added
Recommended
EMS.DCIM.011 The system should have sustainability reporting feature. This should include the following:
Carbon footprint of the data center
Granular reporting of carbon emissions from servers
Aging analysis of devices to manage e-waste
Recommended

Application Performance Management

Standard id Standard Classification
EMS.APM.001 The system should proactively monitor all user transactions for any web-application hosted; detect failed transactions; gather evidence necessary for triage and diagnosis of problems that affect user experiences and prevent completion of critical business processes. Recommended
EMS.APM.002 The system should determine if the cause of performance issues is inside the application, in connected back-end systems or at the network layer. Recommended
EMS.APM.003 The system should correlate performance data from HTTP Servers (external requests) with internal application performance data. Recommended
EMS.APM.004 The system should see response times based on different call parameters. For example, the proposed solution should be able to provide CPU utilization metrics. Recommended
EMS.APM.005 The system should be able to correlate Application changes (code and configuration files) with change in Application performance. Recommended
EMS.APM.006 The system should allow data to be seen only by those with a need to know and limit access by user roles. Recommended
EMS.APM.007 The system should measure the end users' experiences based on transactions. Recommended
EMS.APM.008 The system should give visibility into user experience without the need to install agents on user desktops. Recommended
EMS.APM.009 The system should be deployable as an appliance-based system acting as a passive listener on the network thus inducing zero overhead on the network and application layer. Recommended
EMS.APM.010 The system should be able to provide the ability to detect and alert which exact end users experience HTTP error codes such as 404 errors or errors coming from the web application. Recommended
EMS.APM.011 The system should be able to detect user-impacting defects and anomalies and report them in real time for Slow Response Time, Fast Response Time, Low Throughput, Partial Response, Missing component within transaction. Recommended
EMS.APM.012 The system should be able to instantly identify whether performance problems like slow response times are within or outside the server room without having to rely on network monitoring tools. Recommended
EMS.APM.013 The system should be able to provide trend analysis reports and compare the user experience over time by identifying transactions whose performance or count has deteriorated over time. Recommended

Systems and Database Performance Management

Standard id Standard Classification
EMS.APM.001 The system should address management challenges by providing centralized management across physical and virtual systems. Recommended
EMS.APM.002 The system should be able to monitor various operating system parameters such as processors, memory, files, processes, file systems, etc. where applicable, using agents on the servers to be monitored. Recommended
EMS.APM.003 It should be possible to configure the operating system monitoring agents to monitor based on user-defined thresholds for warning/critical states and to escalate events to the event console of the enterprise management system. Recommended
EMS.APM.004 The system should be able to monitor various operating system parameters depending on the operating system being monitored yet offer a similar interface for viewing the agents and setting thresholds. Recommended
EMS.APM.005 The system should support monitoring Processors, File Systems, Log Files, System Processes, and Memory etc. Recommended
EMS.APM.006 The system should provide Process and Service Monitoring wherein if critical application processes or services fail, administrators are immediately alerted and processes and services are automatically re-started. Recommended
EMS.APM.007 The system should be able to provide Log File Monitoring which enables administrators to watch system logs and text log files by specifying messages to watch for. When matching messages get logged, the proposed tool should notify administrators and enable actions such as sending an email. Recommended
EMS.APM.008 The system should integrate network, server & database performance management systems and provide the unified view of the performance state in a single console. Recommended
EMS.APM.009 The system should be able to automate monitoring, data collection and analysis of performance from single point. Recommended
EMS.APM.010 The system should enable role-based management by defining access privileges according to the role of the user. Recommended
EMS.APM.011 The system should provide the ability to set thresholds and send notifications when an event occurs, enabling database administrators (DBAs) to quickly trace and resolve performance-related bottlenecks. Recommended
EMS.APM.012 The system should provide Performance Management and Reporting: real-time and historical performance of physical and virtual environments, enabling customers to gain valuable insights into a given virtual container, into the relative performance of a given Virtual Machine compared to other Virtual Machines, and into the relative performance of groups of Virtual Machines. Recommended

Traffic Analysis

Standard id Standard Classification
EMS.TA.001 The system should enable the server room to centrally manage user access privileges and allow deploying baseline security policies so that the right people have access to the right information. It should proactively secure access to data and applications located on Linux, UNIX and Windows system servers. Recommended
EMS.TA.002 The system should support Flow monitoring and traffic analysis for all major technologies like NetFlow, J-Flow, sFlow, etc. Recommended
EMS.TA.003 The system should provide a central web based integration point for NetFlow based reporting and able to report from a single console across interfaces. Recommended
EMS.TA.004 The system should be of the passive monitoring type, without a need to install any probe or collector for data collection. Recommended
EMS.TA.005 The system should provide the following NetFlow based metrics: Rate, Utilization, Byte Count, IP hosts with automatic DNS resolution, IP conversation pairs with automatic DNS resolution, Router/interface with automatic SNMP name resolution, IPv6 addresses. Recommended
EMS.TA.006 The system should keep historical rate and protocol data for a minimum of 12 months (most recent) in its current long term operating database. All data in that database should have a maximum 15-minute window granularity without roll up. A user should be able to select any 15 minute window over the last 12 months and display unique utilization and protocol data for every monitored interface. Recommended
EMS.TA.007 The proposed solution should keep historical rate and protocol data for a minimum of 30 days (most recent) in its short term operating database. All data in that database should have a maximum 1-minute window granularity. A user should be able to select any 1 minute window over the last 30 days and display unique utilization and protocol data for every monitored interface. Recommended
EMS.TA.008 All custom reports from the long term database should support the ability to be run manually or scheduled to run automatically at user selectable intervals. Recommended
EMS.TA.009 All reports should be generated and displayed directly by the system from a common interface. Recommended
EMS.TA.010 The system should allow data to be downloaded via an API for Excel to generate reports. Recommended
EMS.TA.011 The system should be able to restrict views and access for defined users to specific routers, interfaces, and reports. Recommended
EMS.TA.012 The user should be able to generate reports from the long term database based on specific thresholds defined by the user where the threshold can be compared to rate, utilization or volume of every monitored interface as a filter for inclusion in the report. Recommended
EMS.TA.013 The system should be capable of automatically detecting anomalous behavior such as virus attacks or unauthorized application behavior. Recommended
EMS.TA.014 The system should analyze all NetFlow traffic and alert via SNMP trap and Syslog of any suspicious activity on the network. Recommended
EMS.TA.015 The system should provide the ability to group interfaces into functional groups based on any user criteria. The grouping function should allow users to create group names and add interfaces into that grouping for reporting purposes. Once created, these groups should be available for selection within custom reports as a mechanism to include multiple interfaces without individual selection for inclusion. Recommended
EMS.TA.016 The monthly view should provide a graphical representation of the level of utilization for each fifteen minute interval of each day of the month. Recommended
EMS.TA.017 The user should be able to easily change the data type of the main interface view to a tabular format showing the increase or decrease of traffic generated by that protocol as a percentage using discrete least-squares approximation to find a best fit line of growth. Recommended

Asset Management

Standard id Standard Classification
EMS.AM.001 Ability to provide inventory of hardware and software applications on end-user desktops, including information on processor, memory, OS, mouse, keyboard, etc. through agents installed on them. Recommended
EMS.AM.002 Ability to have reporting capabilities; provide predefined reports and ability to create customized reports on data in the inventory database. Report results could be displayed as lists or graphs. Recommended
EMS.AM.003 Ability to provide the facility to collect custom information from desktops. Recommended
EMS.AM.004 Ability to provide facility to recognize custom applications on desktops. Recommended
EMS.AM.005 Facility for the administrator to register a new application to the detectable application list using certain identification criteria. Shall enable the new application to be detected automatically next time the inventory is scanned. Recommended
EMS.AM.006 Facility for User self-registration. Recommended
EMS.AM.007 Ability to support configuration management functionality using which standardization of configuration can be achieved of all the desktops. Recommended
EMS.AM.008 Software metering shall be supported to audit and control software usage. Shall support offline and online metering. Recommended
EMS.AM.009 Ability to support dynamic grouping, enabling assets to be grouped dynamically based on some pre-defined criteria, e.g. a group shall be able to display how many and which computers have a specific application installed. As and when a new computer gets the new application installed, it shall be dynamically added to the group. Recommended
EMS.AM.010 Ability to use the query tool to identify specific instances of concern like policy violation (presence of prohibited programs / games and old versions, etc.), inventory changes (memory change, etc.) and accordingly perform several actions in response. These actions could be (a) sending a mail, (b) writing to files, sounding an alarm, (c) a message scrolling on the monitor screen of the administrator, etc. Recommended
EMS.AM.011 Facility to track changes by maintaining history of an asset. Recommended
EMS.AM.012 Ability to have web based console. Recommended

Security Operations Center

Standard id Standard Classification
SOC.REQ.001 The system shall be able to collect, aggregate, capture, process, categorize and filter event data, logs and alert messages in real-time or near-real-time. Mandatory
SOC.REQ.002 Ability to perform event correlation, prioritization of events, sending alerts to administrators, real-time and historical analysis with trend and ad-hoc reporting Mandatory
SOC.REQ.003 Ability to manage the SOC components from the centralized system Mandatory
SOC.REQ.004 Information transmitted between the SOC components in a distributed architecture solution must be encrypted. Mandatory
SOC.REQ.005 The system shall be able to support caching/store and forward mode during the transferring of data for collection Mandatory
SOC.REQ.006 The system shall be capable of supporting common log delivery methods. These shall include e.g. Syslog, OPSEC, SDEE, SNMP, raw text files, ODBC/JDBC and XML files. Mandatory
SOC.REQ.007 The system shall be able to capture and store 100% of the information in the original event data, logs and alert messages and normalize them into a common standard event schema for further analysis, troubleshooting and other data processing needs. It should also be feasible to send the raw logs. Mandatory
SOC.REQ.008 The system shall support normalization of the logs so that there is a common schema across all device sources. Mandatory
SOC.REQ.009 The system shall support categorization by providing intuitive categorization taxonomy so as to ensure that the end users do not have to know or understand the source devices specific event terminology / syntax. Mandatory
SOC.REQ.010 The system shall allow bandwidth management i.e. rate limiting at the log collector level or provide a store and forward solution at each distributed centre so as to minimize disruption to the Enterprise’s network bandwidth utilization and availability Mandatory
SOC.REQ.011 Event data must be enhanced in a manner that allows all content developed (filters, dashboard displays, reports) to be vendor agnostic (i.e.: a currently deployed technology can be replaced with a similar technology without having to modify existing content on the log management of SOC solution). Mandatory
SOC.REQ.012 Ability to provide an intuitive user interface with features such as display correlated events, drill down to packet level event details, simultaneous access to real-time, raw logs and historical events, customizable at-a-glance security view for administrators Mandatory
SOC.REQ.013 Ability to get information from the devices so that they can be categorized by criticality, etc. Mandatory
SOC.REQ.014 Ability to support various correlation engines like statistical, rule, vulnerability, and susceptibility. Mandatory
SOC.REQ.015 Ability to support easy to write correlation rules Mandatory
SOC.REQ.016 Ability to correlate events into incidents Mandatory
SOC.REQ.017 Ability to seamlessly integrate with proposed EMS so that security events can be viewed or monitored by the administrators in their familiar views Mandatory
SOC.REQ.018 Ability for Real Time Monitoring and Notification - Notify analysts by their preferred method, including e-mail, SMSs etc Mandatory
SOC.REQ.019 Ability to provide scheduled report capabilities for automated report generation Mandatory
SOC.REQ.020 Ability to offer a bundle of various predefined reports in multiple formats, such as HTML, text, CSV, web and graphs that are customizable to the needs Mandatory
SOC.REQ.021 Ability to provide comprehensive logging facilities record event data from all sources Mandatory
SOC.REQ.022 Ability to prioritize events based on Criticality Ratings assigned to assets Mandatory
SOC.REQ.023 Vendor must collect and store log information in a manner that preserves litigation quality for use in legal proceedings without increasing storage requirements Mandatory
SOC.REQ.024 Vendors’ end-to-end solution must collect, process and store event log information in a manner that complies with log management best practices. The solution should allow administrators to extract logs in its raw format for a specific period, device type or an identified IP address. The logs should be stored in a format to ensure security of the logs from any unauthorized modification Mandatory
SOC.REQ.025 The encryption algorithms and protocols used shall be widely accepted in security community and not proprietary in nature. Encryption algorithms and protocol details should be provided Mandatory
SOC.REQ.026 The system shall have a robust and proven enterprise DBMS/RDBMS system Mandatory
SOC.REQ.027 The system shall support ease of use by offering unlimited drill down capability down to the captured event data, logs or alert message from the detected incident or threat Mandatory
SOC.REQ.028 The events can be displayed based on user preferences and display templates can be sorted easily based on majority fields such as event priority, event start time, end time, attacker IP, target IP, etc. Mandatory
SOC.REQ.029 The system shall provide filters options including the following that can be applied to all fields in the captured events.
• =
• !=
• >
• AND
• OR
• NOT
• begins with
• ends with
• contains
• starts with specified substring
• ends with specified substring
Mandatory
SOC.REQ.030 The system shall provide a dynamic graphical representation of the event relationship in the real time, and group similar and/or related events with identical fields Mandatory
SOC.REQ.031 The system shall provide a user friendly graphical user interface to create/edit/delete correlation rules without any scripting/programming involvement Mandatory
SOC.REQ.032 The system must be able to detect multi-step attacks, using correlation to join events spanning a session over time. The system must combine and relate values from multiple events, such as from an IDS and a firewall, to infer that the attack was perpetrated. Mandatory
SOC.REQ.033 The system shall have capability to add asset information including physical location, asset description, IP address, asset ownership, contact information, role of the server with regard to the business function etc. Mandatory
SOC.REQ.034 The system shall support role based access control for different user groups to access different devices information, views, filters, templates. Mandatory
SOC.REQ.035 The system shall provide a secure web access for different user groups to access reports and resources. Mandatory
SOC.REQ.036 Predefined report templates should be available out of the box. However, customization of reporting should be available completely through the GUI and not charged separately. Mandatory
SOC.REQ.037 The system shall provide the functionality to export the report in the following format:
• PDF
• CSV
• HTML
• Flat file format
Mandatory
SOC.REQ.038 The system shall provide a report designer that allows users to customize the appearance of the report such as adding of organization logo in the report, modifying the graphs, tables, grouping, sorting, etc. Mandatory
SOC.REQ.039 The system shall provide real-time or near real-time alerts for detected incidents. Mandatory
SOC.REQ.040 The system shall integrate with SMS gateways and email systems to deliver the alerts Mandatory
SOC.REQ.041 The system shall allow the analyst to define criticality level of the incident and the corresponding mode of alert. Mandatory
SOC.REQ.042 The system shall provide the ability to trigger configurable email messages based on specific rules. Mandatory
SOC.REQ.043 The system shall allow ownership of end devices be defined so that alerts are sent to individuals responsible for those devices Mandatory
SOC.REQ.044 The system shall have built-in case management that allows users to create/update cases upon receipt of events, for escalation to the correct support areas as part of the incident handling management process Mandatory
SOC.REQ.045 Solution must be able to integrate with third-party Enterprise Help Desk systems. Integration must support at a minimum: automated and manual incident creation, updating of existing incident, synchronization of incident closure Mandatory
SOC.REQ.046 Solution must be able to interface with third-party forensic investigation tools such as EnCase, NetWitness, NikSun through seamless user actions Mandatory
SOC.REQ.047 The system shall allow the assigned officer to update the progress of the incident investigation and add comments to the assigned cases and accordingly close the cases Mandatory
SOC.REQ.048 The system shall allow the users to create reports with common SQL taxonomies such as GROUP BY, ORDER BY, HAVING etc Mandatory
SOC.REQ.049 The system shall provide an automatic notification escalation for notifications which did not receive an acknowledgment during a specified time-frame Mandatory
SOC.REQ.050 The system shall have a report scheduler to:
a. Select one or more reports to run in a scheduled job
b. Configure email recipients (optional)
c. Attach reports to emails (optional)
Mandatory
SOC.REQ.051 The system shall have the capability to allow creation of custom dashboards Mandatory
SOC.REQ.052 The system Reporting module shall support the following visualization:
a. Column Chart
b. Bar Chart
c. Line Chart
d. Pie Chart
e. Table
f. Scatter
g. Radar
h. Curve Area
Mandatory
SOC.REQ.053 The proposed solution should be mentioned in the Gartner's leader quadrant for the last three years Mandatory
SOC.REQ.054 The proposed solution must provide all updates and upgrades within the proposed solution license Mandatory
SOC.REQ.055 The system should be under warranty for minimum 3 years along with support service. Mandatory
SOC.REQ.056 The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Anti-virus

Standard id Standard Classification
AV.REQ.001 Should protect systems from virus attacks in real time without compromising performance of the system and work in a client server mode Mandatory
AV.REQ.002 Should be able to support 32bit/64 bit environment in Windows, Linux, Sun Solaris, HP-Unix Mandatory
AV.REQ.003 Should be capable of detecting and cleaning virus infected files as well as scanning for ZIP, RAR compressed files, and TAR, archive files etc. Mandatory
AV.REQ.004 Should support upgrade and update without moving the server off-line. Mandatory
AV.REQ.005 Should use multiple scan engines during the scanning process Mandatory
AV.REQ.006 Should have in-memory scanning so as to minimize Disk I/O Mandatory
AV.REQ.007 Should have Multi-threaded scanning Mandatory
AV.REQ.008 Should have scanning of nested compressed files Mandatory
AV.REQ.009 Should have an anti-spam solution Mandatory
AV.REQ.010 Should support various types of reporting formats including but not limited to CSV, HTML, text or PDF files Mandatory
AV.REQ.011 Should be capable of being managed by a central management station Mandatory
AV.REQ.012 Should be capable of protecting all the servers in the data center Mandatory
AV.REQ.013 Must have capability to restore spyware/grayware if the spyware/grayware is deemed safe Mandatory
AV.REQ.014 Must support sending log to external network device/log server Mandatory
AV.REQ.015 Must support remote GUI management of AV server Mandatory
AV.REQ.016 Should support Scanning of FTP traffic Mandatory
AV.REQ.017 Support Web threat protection Mandatory
AV.REQ.018 Should support true file type scanning Mandatory
AV.REQ.019 Should support behavioral/heuristic scanning Mandatory
AV.REQ.020 Should support virtualization platforms Mandatory
AV.REQ.021 Should support host Firewall and Host Intrusion detection/prevention system Mandatory
AV.REQ.022 Should support excluding user defined processes Mandatory
AV.REQ.023 Should support host firewalls and host intrusion prevention/detection system Mandatory
AV.REQ.024 Should have exclude scan option support Mandatory
AV.REQ.025 The system should be under warranty for minimum 3 years along with support service. Mandatory
AV.REQ.026 The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Router

Standard id Standard Classification
ROU.REQ.001 : The router shall support 1:1 route processor/control processor redundancy, 1:1/1:N switch fabric and PSU redundancy and 1:1 service module redundancy in case any services asked for in the RFP is delivered through a service module Mandatory
ROU.REQ.002 : The Core router must be based on architecture which does hardware based forwarding and switching. The processing engine architecture must be multi-processor based for enhanced performance. Mandatory
ROU.REQ.003 : The Core router must have onboard support for intelligent traffic measurement and analysis. The router must support flow based traffic analysis feature. Mandatory
ROU.REQ.004 : The router must have hardware assisted Network Address Translation (NAT) capability as per RFC 1631. Mandatory
ROU.REQ.005 : Backplane Architecture: The back plane architecture of the router must be modular and redundant. The back plane bandwidth must have scalability to 10 Gbps (The one highlighted in blue can be modified as per the requirements in line with the solution architecture) Mandatory
ROU.REQ.006 : Number of Slots: The router must be chassis based with minimum 4 numbers of slots. Mandatory
ROU.REQ.007 : The router must have redundant power supply module. The router must support 220V AC or -48V DC power supply module. There should not be any impact on the router performance in case one power supply fails. Mandatory
ROU.REQ.008 : The router processor architecture must be multi-processor based and should support hardware accelerated, parallelized and programmable IP forwarding and switching. Mandatory
ROU.REQ.009 : The router in the event of failure of any one processor should switchover to the redundant processor without dropping any traffic flow. There should not be any impact on the performance in the event of active routing engine. Mandatory
ROU.REQ.010 : The router must support online hot insertion and removal of cards. Insertion of any line card should not require a router reboot, nor should it disrupt the remaining unicast and multicast traffic flowing in any way. Mandatory
ROU.REQ.011 : The router must have support for flash memory for configuration and OS backup. Mandatory
ROU.REQ.012 : Should support up to 18 Mpps of Forwarding performance Mandatory
ROU.REQ.013 : The Router solution must be a carrier-grade Equipment supporting the following: Hitless interface protection, In-band and out-band management, Software rollback feature, Graceful Restart for OSPF, BGP, LDP, MP-BGP etc. Mandatory
ROU.REQ.014 : The router should support uninterrupted forwarding operation for OSPF, IS-IS routing protocol to ensure high-availability during primary controller card failure. Mandatory
ROU.REQ.015 : The router line card must support following interface as defined in the IEEE, ITU-T: Fast Ethernet - 10BaseT/100BaseT Ethernet as defined in IEEE 802.3 , Gigabit Ethernet - 1000BaseSX, 1000BaseLX, 1000BaseZX as defined in IEEE 802.3 Mandatory
ROU.REQ.016 : The router should support Channelized STM1 interfaces to aggregate multiple E1 / sub-rate E1 circuits coming in from remote locations. Mandatory
ROU.REQ.017 : Support for 10 Gigabit Ethernet interface. Mandatory
ROU.REQ.018 : The router must support the IPv4 and IPv6 stack in hardware and software. It must support both IPv4 and IPv6 routing domains separately and concurrently. It must also support the ability to bridge between IPv4 and IPv6 routing domains. Mandatory
ROU.REQ.019 : The router must support RIPv1 & RIPv2, OSPF, BGPv4 and IS-IS routing protocol. Mandatory
ROU.REQ.020 : Should be IPv6 compliant Mandatory
ROU.REQ.021 : Should support IPv6 static route, OSPFv3, IS-IS support for IPv6, Multiprotocol BGP extensions for IPv6, IPv6 route redistribution. Mandatory
ROU.REQ.022 : The router shall support dual stack IPv6 on all interfaces and IPv6 over IPv4 tunneling; IPv6 Multicast protocols (IPv6 MLD, PIM-Sparse Mode, and PIM-SSM); IPv6 Security Functions (ACL, IPv6 Firewall, SSH over IPv6); MPLS Support for IPv6 (IPv6 VPN over MPLS, Inter-AS options, IPv6 VPN over MPLS, IPv6 transport over MPLS) Mandatory
ROU.REQ.023 : The router should support IPv6 Multicast. Mandatory
ROU.REQ.024 : Should support IPv6 Quality of Service Mandatory
ROU.REQ.025 : Should perform IPv6 transport over IPv4 network (6to4 tunneling). Mandatory
ROU.REQ.026 : Should support SNMP over IPv6 for management. Mandatory
ROU.REQ.027 : The router must be capable of doing Layer 3 classification and setting ToS/DiffServ bits on incoming traffic using configured guaranteed rates and traffic characteristics. The marking of the ToS/DiffServ bits should be non-performance impacting. Mandatory
ROU.REQ.028 : The scheduling mechanism must allow for expedited or strict priority routing for all high priority traffic. Mandatory
ROU.REQ.029 : The scheduling mechanism must allow for alternate priority routing traffic necessary to keep from starving other priority queues. Mandatory
ROU.REQ.030 : The router must provide facility to prioritize the SNMP traffic. Mandatory
ROU.REQ.031 : The multicast implementation must support source specific multicast. Mandatory
ROU.REQ.032 : The router must support IGMPv2 and IGMPv3. Mandatory
ROU.REQ.033 : Should support all standard protocols Mandatory
ROU.REQ.034 : Multicast VPN (mVPN) Mandatory
ROU.REQ.035 : Should support Access Control Lists at layer 2-4 in hardware. The access list parameters may be any combination of source and destination IP or subnet, protocol type (TCP/UDP/IP etc.), source and destination port. There should not be any impact on the router performance upon enabling Access Lists. Mandatory
ROU.REQ.036 : The router should support multiple levels of access or role based access mechanisms. Mandatory
ROU.REQ.037 : Should support CPU Rate limiting and control plane policing feature to make sure the router is always available for management. Mandatory
ROU.REQ.038 : The proposed router should support NAT performance of 10 Gbps and 4 Gbps of encryption from day one. The version of software for the supplied router should be the latest release to support all required features Mandatory
ROU.REQ.039 : The proposed router should have embedded support for 4000 IPsec tunnels from day one. The version of software for the supplied router should be the latest release to support all required features Mandatory
ROU.REQ.040 : Console Port: It should be possible to manage a particular system locally through console port or through a telnet session over LAN/WAN. Mandatory
ROU.REQ.041 : The router must support management through v3 Mandatory
ROU.REQ.042 : The router must support RADIUS and TACACS. The router must support role based access to the system for configuration and monitoring. Mandatory
ROU.REQ.043 : The router must support Network Time Protocol (NTP) as per RFC 1305. Mandatory
ROU.REQ.044 : The router must have DHCP server functionality so that it can be used to lease IP addresses to the end points of local area network whenever required. Mandatory
ROU.REQ.045 : Each Core router should be provided with 8 x 1G ports and 2 x 10G ports from Day 1 Mandatory
ROU.REQ.046 : The Router should be minimum EAL /NDPP Applicable Protection Profile certified under the Common Criteria Evaluation Program Mandatory
ROU.REQ.047 : The system should be under warranty for minimum 3 years along with support service. Mandatory
ROU.REQ.048 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Internet router – firewall

Standard id Standard Classification
IR.REQ.001 : The Router should have complete security suite by supporting IPSec, VPN, Firewall (Zone based & Stateful firewall), IPS, Content Filtering functionalities into a single box along with full support for dynamic routing protocols. If any of the mentioned features can't be provided into a single box solution by any vendor, multiple boxes must be quoted to achieve these features from day one. Mandatory
IR.REQ.002 : Router should have minimum 2 slots and above to accommodate a large variety of interfaces and should support FE, GE (both Ethernet based & fiber based), Serial V.35 ports, G.703 ports, E1, Chn E1 etc. Mandatory
IR.REQ.003 :
1. The router should support minimum 50 Mbps of WAN link termination with minimum 150 kpps of forwarding rate for both IPv4 & IPv6.
2. The router should support minimum 20 Mbps of WAN link termination with minimum 300 kpps of forwarding rate for both IPv4 & IPv6.
3. The router should support minimum 400 Mbps of WAN link termination with minimum 600 kpps of forwarding rate for both IPv4 & IPv6.
Mandatory
IR.REQ.004 : The router shall have the following IPv4 Interior Gateway Protocols (IGP) – Static Route, Default Route, RIPv2, OSPFv2 and IS-IS, BGP4 from day one. All necessary licenses if any, to be provided to enable Static Route, OSPF V3, BGPV4 for IPv6. IP Multicast Routing Protocols to facilitate applications such as streaming, webcast, command & control etc. must be enabled from day one along with PIM SM, MPLS features – LDP etc. Mandatory
IR.REQ.005 : 3 x 1 Gigabit Ethernet Interfaces from day one, scalable up to minimum 5 GE ports and should have 10G ports. Mandatory
IR.REQ.006 : The Router should be minimum EAL3/EAL4/NDPP or above certification Mandatory
IR.REQ.007 : The router should be IPv6 compliant Mandatory
IR.REQ.008 : The system should be under warranty for minimum 3 years along with support service. Mandatory
IR.REQ.009 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Web application firewall

Standard id Standard Classification
WAF.REQ.001 : The appliance based solution should support Inline bridge mode of deployment and should have a built-in bypass for both "fail-open" and "fail-close" mode. Mandatory
WAF.REQ.002 : The Web application firewall should address Open Web Application Security Project (OWASP) Top Ten security vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Broken Authentication and Session Management and those listed in NIST SP800-95 guidelines. Mandatory
WAF.REQ.003 : The solution should prevent the following attacks (but not limited to):
a) Brute force /DDOS
b) Access to predictable resource locations
c) Unauthorized navigation
d) Web server reconnaissance
e) HTTP request format and limitation violations (size, unknown method, etc.)
f) Use of revoked or expired client certificate
g) File upload violations.
Mandatory
WAF.REQ.004 : Should have DLP capabilities to ensure privacy of sensitive data. Mandatory
WAF.REQ.005 : Should support positive and negative security model. Mandatory
WAF.REQ.006 : Should have the ability of caching, compression of web content and SSL acceleration. Mandatory
WAF.REQ.007 : Should have integrated SSL Offloading capabilities, further the solution should support SSL and/or TLS termination, or be positioned such that encrypted transmissions are decrypted before being inspected by the WAF. Mandatory
WAF.REQ.008 : Should have integrated basic server load balancing capabilities. Mandatory
WAF.REQ.009 : Should meet all applicable PCI DSS requirements pertaining to system components in the cardholder data environment, should also monitor traffic carrying personal information. Mandatory
WAF.REQ.010 : Should have the ability to inspect web application output and respond (allow, block, mask and/or alert) based on the active policy or rules, and log actions taken. Mandatory
WAF.REQ.011 : Should inspect both web page content, such as Hypertext Markup Language (HTML), Dynamic HTML (DHTML), and Cascading Style Sheets (CSS), and the underlying protocols that deliver content, such as Hypertext Transport Protocol (HTTP) and Hypertext Transport Protocol over SSL (HTTPS). (In addition to SSL, HTTPS includes Hypertext Transport Protocol over TLS.) Mandatory
WAF.REQ.012 : WAF should support dynamic source IP blocking and should be able to block attacks based on IP source. Mandatory
WAF.REQ.013 : Should inspect Simple Object Access Protocol (SOAP) and extensible Markup Language (XML), both document- and RPC-oriented models, in addition to HTTP (HTTP headers, form fields, and the HTTP body). Mandatory
WAF.REQ.014 : Inspect any protocol (proprietary or standardized) or data construct (proprietary or standardized) that is used to transmit data to or from a web application, when such protocols or data are not otherwise inspected at another point in the message flow. Mandatory
WAF.REQ.015 : WAF should support inline bridge or proxy mode of deployment. Mandatory
WAF.REQ.016 : WAF should have an option to configure in Reverse proxy mode as well. Mandatory
WAF.REQ.017 : Actions taken by WAF to prevent malicious activity should include the ability to drop requests and responses, block the TCP session, block the application user, or block the IP address. Mandatory
WAF.REQ.018 : Transactions with content matching known attack signatures and heuristics based should be blocked. Mandatory
WAF.REQ.019 : The WAF database should include a preconfigured comprehensive and accurate list of attack signatures. Mandatory
WAF.REQ.020 : The Web application firewall should allow signatures to be modified or added by the administrator. Mandatory
WAF.REQ.021 : The Web application firewall should support automatic updates (if required) to the signature database, ensuring complete protection against the latest application threats. Mandatory
WAF.REQ.022 : WAF should be able to restrict the number of files in a request. Mandatory
WAF.REQ.023 : WAF should support the following normalization methods: Mandatory
WAF.REQ.024 :
a) URL-decoding (e.g. %XX)
b) Null byte string termination
c) Self-referencing paths (i.e. use of /./ and encoded equivalents)
d) Path back-references (i.e. use of /../ and encoded equivalents)
e) Mixed case
f) Excessive use of whitespace
g) Comment removal (e.g. convert DELETE/**/FROM to DELETE FROM)
h) Conversion of (Windows-supported) backslash characters into forward slash characters.
i) Conversion of IIS-specific Unicode encoding (%uXXYY)
j) Decode HTML entities (e.g. &#99;, &quot;, &#xAA;)
k) Escaped characters (e.g. \t, \001, \xAA, \uAABB).
Mandatory
WAF.REQ.025 : WAF should support different policies for different application sections. Mandatory
WAF.REQ.026 : The Web application firewall should automatically learn the Web application structure and elements. Mandatory
WAF.REQ.027 : The Web application firewall learning mode should be able to recognize application changes as and when they are conducted. Mandatory
WAF.REQ.028 : The WAF should have the ability to perform behavioral learning to examine traffic and highlight anomalies and provide recommendations that can be turned into actions such as apply, change and apply, ignore etc. Mandatory
WAF.REQ.029 : The Web application firewall should support line speed throughput and sub-millisecond latency so as not to impact Web application performance. Mandatory
WAF.REQ.030 : For SSL-enabled Web applications, the certificates and private/public key pairs for the Web servers being protected need to be uploadable to the Web application firewall. Mandatory
WAF.REQ.031 : The Web Application Firewall should have "anti-automation" protection which can block the automated attacks that use hacking tools, scripts, frameworks etc. Mandatory
WAF.REQ.032 : The Web application firewall should have an out of band management port. WAF should support different policies for different application sections. Mandatory
WAF.REQ.033 : The Web application firewall should support web based centralized management and reporting for multiple appliances. Mandatory
WAF.REQ.034 : Bidder should be able to deploy the Web application firewall and remove the Web application firewall from the network with minimal impact on the existing Web applications or the network architecture. Mandatory
WAF.REQ.035 : The Web application firewall should be able to integrate with web application vulnerability assessment tools (Web application scanners). Mandatory
WAF.REQ.036 : WAF should be able to integrate with the existing/ proposed SIEM solution. Mandatory
WAF.REQ.037 : The Web application firewall should be able to generate custom or pre-defined graphical reports on demand or scheduled. Mandatory
WAF.REQ.038 : The Web application firewall should provide a high level dashboard of system status and Web activity. Mandatory
WAF.REQ.039 : Should be able to generate comprehensive event reports with filters:
a. Date or time ranges
b. IP address ranges
c. Types of incidents
d. Geo Location of attack source
e. Other (please specify).
Mandatory
WAF.REQ.040 : The following report formats are deemed of relevance: Word, RTF, HTML, PDF, XML, etc. Mandatory
WAF.REQ.041 : Unique transaction ID should be assigned to every HTTP transaction (a transaction being a request and response pair), and included with every log message. Mandatory
WAF.REQ.042 : Access logs can periodically be uploaded to the logging server (e.g. via FTP, SFTP, WebDAV, or SCP). Mandatory
WAF.REQ.043 : Web application firewall should provide notifications through Email, Syslog, SNMP Trap, Notification via HTTP(S) push etc. Mandatory
WAF.REQ.044 : WAF should be able to log full session data once a suspicious transaction is detected. Mandatory
WAF.REQ.045 : Should be simple to relax automatically-built policies. Mandatory
WAF.REQ.046 : The solution should provide the admin to manually accept false positives. Mandatory
WAF.REQ.047 : Should be able to recognize trusted hosts. Mandatory
WAF.REQ.048 : The WAF in passive mode should be able to provide impact of rule changes as if they were actively enforced. Mandatory
WAF.REQ.049 : The solution should be capable of performing or integrating with third party vulnerability scanners to provide virtual patching capabilities. Mandatory
WAF.REQ.050 : Should support clustered deployment of multiple WAFs sharing the same policy. Mandatory
WAF.REQ.051 : The solution should support virtual environments. Mandatory
WAF.REQ.052 : The solution should support all operating systems and their versions including but not limited to Windows, AIX, Unix, Linux, Solaris, HP Unix. Mandatory
WAF.REQ.053 : The solution should have the capability of load balancing between the applications in an active – active environment. Mandatory
WAF.REQ.054 : The Web application Firewall should support authentication with LDAP and radius server. Mandatory
WAF.REQ.055 : The Solution should allow commands like ping, traceroute, telnet, wget, nslookup from WAF for troubleshooting network related issues. Mandatory
WAF.REQ.056 : The Solution should have option to configure NTP server details. Mandatory
WAF.REQ.057 : OEM should provision for 24*7 service support for the web application firewall. Mandatory
WAF.REQ.058 : The solution should have network routing feature. Mandatory
WAF.REQ.059 : In case of RMA Process, define the number of days to deliver the solution. Mandatory
WAF.REQ.060 : Should support both IPv4 and IPv6 Mandatory
WAF.REQ.061 : The system should be under warranty for minimum 3 years along with support service. Mandatory
WAF.REQ.062 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Next Generation Firewall

Standard id Standard Classification
NGF.REQ.001 : Industry Certifications and Evaluations Mandatory
NGF.REQ.002 : Firewall appliance should have Common Criteria EAL4+/NDPP/ICSA Certification. (The one highlighted in blue can be modified as per the requirements in line with the solution architecture) Mandatory
NGF.REQ.003 : Hardware Architecture Mandatory
NGF.REQ.004 : The appliance based security platform should be capable of providing firewall, URL Filtering, Application Control, and VPN (both IPSec and SSL) functionality in a single appliance from day one. Mandatory
NGF.REQ.005 : SSL VPN Gateway should have Host Scan capability to gather information and to control which hosts are allowed to create a remote access connection to the VPN Security Appliance based on pre-login policy for evaluating the host operating system, antivirus, anti-spyware. Mandatory
NGF.REQ.006 : Should support minimum 100 SSL VPN concurrent users with scalability option. Mandatory
NGF.REQ.007 : The appliance should support at least 8X10/100/1000/1G ports from Day one. Mandatory
NGF.REQ.008 : Firewall should support dual stack (IPv4 and IPv6) for all features. Mandatory
NGF.REQ.009 : Firewall should support IPv4 & IPv6 static routing, RIP, OSPF v2 & v3 and BGP. Mandatory
NGF.REQ.010 : Performance & Scalability Mandatory
NGF.REQ.011 : Firewall should support at least 1000Mbps with all modules enabled (firewall, URL Filtering, Application Control, and VPN). Mandatory
NGF.REQ.012 : Firewall should support at least 5,00,000 concurrent sessions. Mandatory
NGF.REQ.013 : Firewall should support at least 20,000 new connections per second. Mandatory
NGF.REQ.014 : Firewall should support at least 200 VLANs. Mandatory
NGF.REQ.015 : Firewall should have support for at least 3 virtual firewalls. Mandatory
NGF.REQ.016 : Firewall Features Mandatory
NGF.REQ.017 : Should be a stateful packet inspection firewall. Mandatory
NGF.REQ.018 : Firewall module should support security policies (firewall rules) based on: IP address, network subnet, protocol (TCP, UDP, ICMP, etc.), services, user-group. Mandatory
NGF.REQ.019 : Firewall should provide application inspection for DNS, FTP, HTTP, SMTP, ESMTP, LDAP, MGCP, RTSP, SIP, SCCP, SQLNET, TFTP, H.323, SNMP. Mandatory
NGF.REQ.020 : Firewall should support creating access-rules with IPv4 & IPv6 objects simultaneously, e.g. IPv4 source & IPv6 destination. Mandatory
NGF.REQ.021 : Firewall should support operating in routed & transparent mode. Should be able to set mode independently for each context in multi-context mode. Mandatory
NGF.REQ.022 : In transparent mode firewall should support ARP-inspection to prevent spoofing at Layer-2 Mandatory
NGF.REQ.023 : Firewall should support DoS protection functionalities like TCP intercept/TCP SYN cookie protection, Dead Connection Detection/TCP sequence randomization, TCP normalization to clear TCP packets of anomalies like clearing or allowing selective TCP options, reserved bits, urgent flags & provide TTL evasion protection. Mandatory
NGF.REQ.024 : Should support Routing protocols such as Static, RIP, OSPF v2 & v3, BGP Protocol. Mandatory
NGF.REQ.025 : Firewall should support static NAT, PAT, dynamic NAT & destination based NAT. Mandatory
NGF.REQ.026 : Firewall should support NAT 66 (IPv6-to-IPv6), NAT 64 (IPv6-to-IPv4) & NAT 46 (IPv4-to-IPv6) functionality. Mandatory
NGF.REQ.027 : High-Availability Features Mandatory
NGF.REQ.028 : Firewall should support stateful failover of sessions in Active/Standby and Active/Active mode and have internal redundant power supply. Mandatory
NGF.REQ.029 : Should support Non Stop Forwarding in HA. Mandatory
NGF.REQ.030 : Management Mandatory
NGF.REQ.031 : The management platform should be accessible via a web-based interface or console based interface. The management platform must be of Firewall and should be accessible at all times irrespective of the load on the firewall. Mandatory
NGF.REQ.032 : The management platform should provide dashboard for management purposes and should have role based logging capabilities. Mandatory
NGF.REQ.033 : The management platform should be capable of role-based administration, enabling different sets of views and configuration capabilities for different administrators subsequent to their authentication. Mandatory
NGF.REQ.034 : The device should allow access log to be sent to: External Log server Mandatory
NGF.REQ.035 : The device should support: at least 40 different URL categories and 1000 applications Mandatory
NGF.REQ.036 : The system should be under warranty for minimum 3 years along with support service. Mandatory
NGF.REQ.037 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Network Intrusion Prevention System

Standard id Standard Classification
NIPS.REQ.001 : Platform Requirement Mandatory
NIPS.REQ.002 : The device should be a purpose built dedicated appliance (not a subset of firewall or UTM appliance). Mandatory
NIPS.REQ.003 : The device should operate in transparent (Bridge) mode. Mandatory
NIPS.REQ.004 : The device should have separate dedicated interface for management. Mandatory
NIPS.REQ.005 : The device should have external / internal Redundant Power Supply (RPS). Mandatory
NIPS.REQ.006 : L2 Mandatory
NIPS.REQ.007 : The device should perform traffic inspection based on:
a) Signatures
b) Protocol anomaly
c) Behavior anomaly
d) Reputation
Mandatory
NIPS.REQ.008 : The device should accurately detect the following Attack categories:-
a) Unauthorized access attempts
b) Pre-attack probes
c) DoS
d) Vulnerability exploitation
e) Zero-day attacks.
Mandatory
NIPS.REQ.009 : The device should employ full seven-layer protocol analysis of over 100 internet protocols like HTTP, FTP, SMTP, etc. Mandatory
NIPS.REQ.010 : The device should support more than 2500 signatures. Mandatory
NIPS.REQ.011 : The device should handle following traffic:
a) IPv6
b) IPv4
c) Asymmetric / Symmetric Traffic
Mandatory
NIPS.REQ.012 : The device should support:
a) Bi-directional inspection
b) Detection of Shell Code
c) Advanced evasion protection.
Mandatory
NIPS.REQ.013 : The device should have the ability to identify/block individual applications (e.g. Facebook or Skype) running on one protocol (e.g. HTTP or HTTPS). Mandatory
NIPS.REQ.014 : The device should identify SSL Protocol based attacks. Mandatory
NIPS.REQ.015 : The device should have the ability to scan malware within files such as PDF, MS office Documents. Mandatory
NIPS.REQ.016 : The device should be capable of providing network-based detection of malware by checking the disposition of known files in the cloud. Mandatory
NIPS.REQ.017 : The device should support Protection against Client side attacks. Mandatory
NIPS.REQ.018 : The device should protect:
Web applications
Web 2.0
Databases
Mandatory
NIPS.REQ.019 : The device should support both IPv4 & IPv6 simultaneously (Dual Stack). Mandatory
NIPS.REQ.020 : The device should support botnet protection based on:
a) BOT detection
b) Command and control database
Mandatory
NIPS.REQ.021 : The device should protect against DOS/DDOS attacks based on Threshold based detection. Mandatory
NIPS.REQ.022 : Performance
Should have minimum Inspected throughput of 1 Gbps for all kinds of traffic.
Should support minimum 500,000 Concurrent Connections.
Should have dedicated 10/100/1000 RJ45 Management Interface.
The device should have 8 10/100/1000 ports.
Mandatory
NIPS.REQ.023 : Reporting and Alerting Mandatory
NIPS.REQ.024 : The management platform should provide robust reporting capabilities, including a selection of pre-defined reports and the ability for complete customization and generation of new reports. Mandatory
NIPS.REQ.025 : Availability Mandatory
NIPS.REQ.026 : Sensors should support built-in capability of failing close and failing open, such that communications traffic is still allowed to pass if the inline sensor goes down. Mandatory
NIPS.REQ.027 : Third-Party Integration Mandatory
NIPS.REQ.028 : The management platform should include an integration mechanism to enable response to threats. Mandatory
NIPS.REQ.029 : Network Behavior Analysis (NBA) Mandatory
NIPS.REQ.030 : The solution should provide NBA capability to detect threats emerging from both outside the network & inside the network. Mandatory
NIPS.REQ.031 : Threat Protection Mandatory
NIPS.REQ.032 : Detection rules should be based on an extensible, open language that enables users to create their own rules, as well as to customize any vendor-provided rules. Mandatory
NIPS.REQ.033 : The detection engine should be capable of detecting and preventing a wide variety of threats (e.g., malware, network probes/reconnaissance, VoIP attacks, buffer overflows, P2P attacks, zero-day threats, etc.). Mandatory
NIPS.REQ.034 : Sensors should be capable of performing packet-level forensics and capturing raw packet data in response to individual events without significant performance degradation. Mandatory
NIPS.REQ.035 : Policy Configuration Mandatory
NIPS.REQ.036 : The device should have facility to enable/disable each individual signature. Each signature should allow granular tuning. Mandatory
NIPS.REQ.037 : The device should support granular management. Should allow policy to be assigned per device, port, VLAN tag, IP address/range. Mandatory
NIPS.REQ.038 : The device must have a facility to exempt IPS inspection for a particular signature based on:
a) Source or Destination IP/Subnet
b) Between two IP/subnet
Mandatory
NIPS.REQ.039 : The device should support a wide range of response actions:
a) Block traffic
b) Ignore
c) TCP reset
d) Packet capture
e) Email alert
f) SNMP alert
g) Syslog alert
Mandatory
NIPS.REQ.040 : Real-Time Awareness Mandatory
NIPS.REQ.041 : The solution should be capable of gathering information about network hosts and their activities. Mandatory
NIPS.REQ.042 : The solution should be capable of employing an extensive set of contextual information (e.g., behavior of the network) to improve the efficiency and accuracy of analysis of detected events. Mandatory
NIPS.REQ.043 : The solution should be capable of providing the appropriate inspections and protections for traffic sent over non-standard communications ports. Mandatory
NIPS.REQ.044 : High Availability Mandatory
NIPS.REQ.045 : The device should support High Availability. Mandatory
NIPS.REQ.046 : The device should support both Active/Passive and Active/Active Configuration Mandatory
NIPS.REQ.047 : Management and Usability Mandatory
NIPS.REQ.048 : The solution should support centralized, life cycle management for all sensors. Mandatory
NIPS.REQ.049 : The solution should be accessible via a web-based SSL interface. Mandatory
NIPS.REQ.050 : The system should be under warranty for minimum 3 years along with support service. Mandatory
NIPS.REQ.051 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Host based Intrusion Prevention System

Standard id Standard Classification
HIPS.REQ.001 : The proposed solution should be a virtualization aware solution that provides advanced protection for systems. Mandatory
HIPS.REQ.002 : The proposed solution should be supported on multiple operating systems including but not limited to Microsoft Windows, Solaris, Red Hat Enterprise & SUSE Linux, etc. Mandatory
HIPS.REQ.003 : The proposed solution should be able to provide protection such as Antimalware real time, IDS/IPS, Firewall, Integrity changes, and Inspection of system critical logs for all the systems and should be able to achieve with the single Agent. Mandatory
HIPS.REQ.004 : The proposed solution should have management console and provide Prevention and Monitoring support for all the operating systems in the heterogeneous environment. Mandatory
HIPS.REQ.005 : Should provide intrusion detection and protection by analyzing events, operating system logs and inbound/outbound network traffic on enterprise servers. Mandatory
HIPS.REQ.006 : The proposed solution should employ full, seven-layer, state-based protocol decoding and analysis. Analyses all packets to and from the server for and propagation. To detect and prevent attacks, both known and unknown intrusion attempts. Should prevent the following:
a) Prevents the delivery and installation of kernel-level Root kits.
b) Prevents cross-site scripting (XSS) attacks.
c) Prevents SQL injection attacks.
d) Prevents DOS, DDOS, worm, botnet and Trojan attacks.
e) Prevent Buffer overflow attacks
f) Decodes backdoor communications and protocols.
g) Inspect and block attacks that happen over SSL (HTTP & HTTPS).
Mandatory
HIPS.REQ.007 : The proposed solution should have rule based protection, and for servers. Mandatory
HIPS.REQ.008 : The proposed solution should have Application based Control rules provide increased visibility into the applications that are accessing the network. These rules shall be used to identify malicious users / software accessing the network and provide insight into suspicious activities such as allowed protocols over unexpected ports (FTP traffic on a mail server, HTTP traffic on an unexpected server, or SSH traffic over SSL, etc.) Mandatory
HIPS.REQ.009 : The proposed solution should have detailed events data to provide valuable information, including the source of the attack, the time, and what the potential intruder was attempting to exploit, shall be logged. Mandatory
HIPS.REQ.010 : The proposed solution should be capable of blocking and detecting of IPv6 attacks. Mandatory
HIPS.REQ.011 : The solution should allow blocking based on thresholds. Mandatory
HIPS.REQ.012 : The proposed solution should have detection capability of reconnaissance activities such as port scans and also detect protocol violations of standard protocols. Mandatory
HIPS.REQ.013 : The proposed solution should have auditable reporting generated within the solution, along with alert generation and automated report creation and delivery. Mandatory
HIPS.REQ.014 : The proposed solution should have Agent installation methods to support manual local installation and distribution through LDAP / Active Directory. No restart should be required once the agent is installed on the Servers. Mandatory
HIPS.REQ.015 : The proposed solution should have comprehensive Role Based Access Control features including controlling who has access to what areas of the solution and who can do what within the application. Mandatory
HIPS.REQ.016 : The system should be under warranty for minimum 3 years along with support service. Mandatory
HIPS.REQ.017 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Security Incident and Event Management

Standard id Standard Classification
SIEM.REQ.001 : The solution should support the event throughput rate of minimum 10K EPS (events per second) and should have capability to upgrade up to 20K EPS. Mandatory
SIEM.REQ.002 : The solution should have single integrated facility for log investigation, incident management etc. with a search facility to search the collected raw log data for specific events or data. Mandatory
SIEM.REQ.003 : A well-defined architecture along with pre and post installation document need to be shared by the bidder. Mandatory
SIEM.REQ.005 : The solution should support collection of events/logs and network flows from distributed environment(s). Mandatory
SIEM.REQ.006 : The solution should correlate security/network events to enable the SIEM to quickly prioritize its response to help ensure effective incident handling. Mandatory
SIEM.REQ.007 : The solution should integrate asset information in SIEM such as categorization, criticality and business profiling and use the same attributes for correlation and incident management. Mandatory
SIEM.REQ.008 : The solution should provide remediation guidance for identified security incident: Mandatory
SIEM.REQ.009 : a) Solution should be able to specify the response procedure (by choosing from the SOPs) to be used in incident analysis/remediation. Mandatory
SIEM.REQ.010 : b) The solution should have provision for work flow based multiple levels of escalations. The solution should offer a means of escalating alerts between various users of the solution, such that if alerts are not acknowledged in a pre-determined timeframe, that alert is escalated to ensure it is investigated. Mandatory
SIEM.REQ.011 : The solution should facilitate best practices configuration to be effectively managed in a multi-vendor and heterogeneous information systems environment. Mandatory
SIEM.REQ.012 : The solution should provide capability to discover similar patterns of access, communication etc. occurring from time to time, for example, slow and low attack. Mandatory
SIEM.REQ.013 : The solution should have an exhaustive incident tracking system that can track, investigate and resolve events in work-flow like environment Mandatory
SIEM.REQ.014 : The bidder should perform regular (at least twice a year) health check and fine tuning of SIEM solution and should submit a report to the Department. Mandatory
SIEM.REQ.015 : The solution should share the list of out of the box supported devices/log types. Mandatory
SIEM.REQ.016 : The solution should support hierarchical structures for distributed environments. The solution should have capability for correlation of events generated from multiple SIEM(s) at different location in single management console. Mandatory
SIEM.REQ.017 : The event correlation on SIEM should be in real time and any delay in the receiving of the events by SIEM is not acceptable. Mandatory
SIEM.REQ.018 : The solution should support internal communication across SIEM-components via well-defined secured channel. UDP or similar ports should not be used. Mandatory
SIEM.REQ.019 : Event dropping/caching by SIEM solution is not acceptable and same should be reported and corrected immediately. Mandatory
SIEM.REQ.020 : The solution should be able to import the vulnerability information from scanning and assessment tools on real time basis and correlate them / provide contextual information on vulnerability data to incidents for all possible implications. Mandatory
SIEM.REQ.021 : The solution should be able to facilitate customized dashboard creation, supporting dynamic display of events graphically. Mandatory
SIEM.REQ.022 : The solution should be able to capture all the fields of the information in the raw logs. Mandatory
SIEM.REQ.023 : The solution should support storage of raw logs for forensic analysis. Mandatory
SIEM.REQ.024 : The solution should be able to integrate logs from new devices into existing collectors without affecting the existing SIEM processes. Mandatory
SIEM.REQ.025 : The solution should have capability of displaying of filtered events based on event priority, event start time, end time, attacker address, target address etc. Mandatory
SIEM.REQ.026 : The solution should support configurable data retention policy based on organization requirement. Mandatory
SIEM.REQ.027 : The solution should provide tiered storage strategy comprising of online data, online archival, offline archival and restoration of data. Please elaborate on log management methodology proposed. Mandatory
SIEM.REQ.028 : The solution should compress the logs by at least 70% or more at the time of archiving. Mandatory
SIEM.REQ.029 : The solution should have capability for log purging and retrieval of logs from offline storage. Mandatory
SIEM.REQ.030 : The solution should support networked and scalable storage using SAN, NAS, DAS etc. Mandatory
SIEM.REQ.031 : The solution should provide capability for configuration backup. Mandatory
SIEM.REQ.032 : Solution should be capable of replicating logs from Primary site to DR site. Mandatory
SIEM.REQ.033 : The solution should provide proactive alerting on log collection failures so that any potential loss of events and audit data can be minimized or mitigated. Mandatory
SIEM.REQ.034 : The solution should provide a mechanism (in both graphic and table format) to show which devices and applications are being monitored and determine if a continuous set of collected logs exist for those devices and applications. Mandatory
SIEM.REQ.035 : The solution should support automated scheduled archiving functionality into file system. Mandatory
SIEM.REQ.036 : The solution should support normalization of real time events. Mandatory
SIEM.REQ.037 : The solution should provide a facility for logging events with category information to enable device independent analysis. Mandatory
SIEM.REQ.038 : The solution should support aggregation techniques that consolidate multiple identical raw events into one processed event. Mandatory
SIEM.REQ.039 : The platform should be supplied on Hardened OS embedded in Hardware / Virtual Appliance. The storage configuration should offer a RAID configuration to allow for protection from disk failure. Mandatory
SIEM.REQ.040 : The platform should have High Availability Configuration of necessary SIEM components to ensure there is no single point of failure. Please describe the architecture proposed to meet this requirement. Mandatory
SIEM.REQ.041 : By default at the time of storage, solution should not filter any events. However, solution should have the capability of filtering events during the course of correlation and report generation. Mandatory
SIEM.REQ.042 : The solution should ensure the integrity of logs. Compliance to regulations should be there with tamper-proof log archival. Mandatory
SIEM.REQ.043 : Solution should have inbuilt query analysis capability without requiring any third-party solution. Mandatory
SIEM.REQ.044 : The solution should be able to continue to collect logs during backup, de-fragmentation and other management scenarios. Mandatory
SIEM.REQ.045 : The solution should support collection of logs from all the devices quoted in RFP. Mandatory
SIEM.REQ.046 : The collection devices should support collection of logs via, but not limited to, the following methods:
1. Syslog over UDP / TCP
2. SNMP
3. ODBC (to pull events from a remote database)
4. FTP (to pull a flat file of events from a remote device that can’t directly write to the network)
5. Windows Event Logging Protocol
6. XML
7. NetBIOS
Mandatory
SIEM.REQ.047 : The solution should have native audit capability for end to end incident management. Complete audit trail of incident life cycle (like incident alerting, action taken by each user, final outcome of incident, closing of incident) should be maintained. Mandatory
SIEM.REQ.048 : The solution should allow a wizard / GUI based interface for rules (including correlation rules) creation as per the customized requirements. The rules should support logical operators for specifying various conditions in rules. Mandatory
SIEM.REQ.049 : The solution should support all standard IT infrastructure including Networking & Security systems, OS, RDBMS, Middleware, Web servers, Enterprise Management System, LDAP, Internet Gateway, Antivirus, and Enterprise Messaging System, Data loss prevention (DLP) etc. Mandatory
SIEM.REQ.050 : The solution should have provision for integration of the following:
a) Inclusion of “user context” (through systems such as LDAP).
b) The solution should enable the correlation of identity and session information to assist in responding to incidents that are user centric.
c) Inclusion of “Data context”: The solution should provide the ability to display the country of origin based on IP address.
d) Inclusion of “Application context”.
Mandatory
SIEM.REQ.051 : Solution should have license for minimum 10 users for SIEM administration. Mandatory
SIEM.REQ.052 : The solution should have the ability to define various roles for SIEM administration, including but not limited to: Operator, Analyst, SOC Manager etc. for all SIEM components. Mandatory
SIEM.REQ.053 : The solution should support SIEM management process using a web based solution. Mandatory
SIEM.REQ.054 : The solution should support the following correlation: Mandatory
SIEM.REQ.055 : Statistical Threat Analysis - To detect anomalies. Mandatory
SIEM.REQ.056 : Susceptibility Correlation - Raises visibility of threats against susceptible hosts. Mandatory
SIEM.REQ.057 : Vulnerability Correlation - Mapping of specific detected threats to specific / known vulnerabilities Mandatory
SIEM.REQ.058 : Rules based Correlation - The solution should allow creating rules that can take multiple scenarios like and create alert based on scenarios. Mandatory
SIEM.REQ.059 : The solution should also support historical correlation and have capability to analyse historical data using a new correlation rule and carry out trend analysis on collected data. Mandatory
SIEM.REQ.060 : Solution should have capability to correlate based on the threat intelligence for malicious domains, proxy networks, known bad IPs and hosts. Mandatory
SIEM.REQ.061 : The solution should provide ready to use rules for alerting on threats e.g., failed login attempts, account changes and expirations, port scans, suspicious file names, default usernames and passwords, High bandwidth usage by IP, privilege escalations, configuration changes, traffic to non-standard ports, URL blocked, accounts deleted and disabled, intrusions detected etc. Mandatory
SIEM.REQ.062 : The solution should support the following types of correlation conditions on log data:
a) One event followed by another event
b) Grouping, aggregating, sorting, filtering, and merging of events.
c) Average, count, minimum, maximum threshold etc.
Mandatory
SIEM.REQ.063 : The solution should prioritize & enrich events based on existing threats / alerts / incidents on the asset. E.g. If there is a known vulnerability detected by vulnerability scanner on an asset, solution should categorize the risk higher since the vulnerability was already known so that action may be taken pro-actively. Mandatory
SIEM.REQ.064 : The solution should offer a user interface that is capable of providing the Information Security team an intuitive way of using recognized network tools e.g. whois, nslookup, ping etc. to assist in analysis and response work. Mandatory
SIEM.REQ.065 : Solution should provide threat scoring based on:
a) Host, network, priority for both source & destination
b) Real-time threat, event frequency, attack level etc.
Mandatory
SIEM.REQ.066 : The solution should correlate and provide statistical anomaly detection with visual drill down data mining capabilities. Mandatory
SIEM.REQ.067 : The solution should have the capability to send notification messages and alerts through email, SMS, etc. Mandatory
SIEM.REQ.068 : Solution should support Real-time reporting as well as scheduled reporting Mandatory
SIEM.REQ.069 : Solution should support report designing capability without using any third party product. Mandatory
SIEM.REQ.070 : Reporting feature should be inherent in the solution and not provided by a third party. The solution should have flexibility to design custom made reports as required by Department from time to time. Bidder should design customized reports as desired by Department from time to time. Mandatory
SIEM.REQ.071 : Customized reports should be configurable / designable via GUI and not CLI Mandatory
SIEM.REQ.072 : The tool should provide facility for separate alerting and reporting console for different asset groups. Mandatory
SIEM.REQ.073 : The solution should support RADIUS and LDAP / Active Directory for Authentication. Mandatory
SIEM.REQ.074 : The solution should provide highest level of enterprise support directly from OEM. Mandatory
SIEM.REQ.075 : The solution should provide a single point of contact directly from OEM for all support reported OEM. Mandatory
SIEM.REQ.076 : The solution should mention the response time for customized parsers writing for out of box unsupported device log types or in case of version upgrade(s) which lead to a new log type. Mandatory
SIEM.REQ.077 : The solution should ensure continuous training and best practice updates for onsite team from its backend resources. Mandatory
SIEM.REQ.078 : The solution should provide the report generation progress status in the console. Mandatory
SIEM.REQ.079 : Solution should support log integration for IPv4 as well as for IPv6. Mandatory
SIEM.REQ.080 : Solution should provide inbuilt dashboard for monitoring the health status of all the SIEM components, data insert/retrieval time, resource utilization details etc. Mandatory
SIEM.REQ.081 : Solution should support at least 100 default correlation rules for detection of network threats and attacks. The performance of the solution should not be affected with all rules enabled. Mandatory
SIEM.REQ.082 : The central management console/ Enterprise Security managers/receivers should be in high availability. Mandatory
SIEM.REQ.083 : The solution should be capable of preserving network packets (at least 3 months on-site) for suspicious network traffic. Mandatory
SIEM.REQ.084 : For industry-specified compliance requirements, e.g. PCI-DSS, HIPAA etc., the preferred solution should be designed with consideration of the respective compliance requirements. Mandatory
SIEM.REQ.085 : The solution should be capable of detecting anomalous activities and attack techniques (preferably as specified by the MITRE ATT&CK Matrix) through correlation of endpoint events/logs and network traffic analysis. Mandatory
SIEM.REQ.086 : The solution should facilitate manual threat hunting type activities for further analysis by the analysts. Mandatory
SIEM.REQ.087 : The system should be under warranty for minimum 3 years along with support service. Mandatory
SIEM.REQ.088 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Vulnerability Management and Penetration Testing

Standard id Standard Classification
VAPT.REQ.001 : Bidder should have proposed the VM service in the organization/project of the size of Department having comparable number of hardware devices and software, heterogeneity in information systems setup, complexity, etc. as mentioned in assets section of this RFP. Mandatory
VAPT.REQ.002 : The solution shall provide the facility of Vulnerability Assessment of Android platform that will be running on the MDTs. Mandatory
VAPT.REQ.003 : The solution which would be used for the Department should have received industry recognition / award / certification. Please provide details of such recognition. Mandatory
VAPT.REQ.004 : The solution should support different platforms of OS, RDBMS, networking and security devices and others from time to time. Please provide details of platforms supported. Mandatory
VAPT.REQ.005 : The solution should be accessible from a web based client which can be installed centrally and accessible by users across the organization in different offices. Mandatory
VAPT.REQ.006 : The solution should allow organizations to create multiple assessment profiles for any platform. Mandatory
VAPT.REQ.007 : The solution should allow organizations to customize the checks as per the organization policy and requirements. Mandatory
VAPT.REQ.008 : The solution should allow Department to schedule the VA of selected assets for a pre-defined date and time. Mandatory
VAPT.REQ.009 : Bidder should have scripts which are capable of manually collecting the security configuration data from the assets. Mandatory
VAPT.REQ.010 : The solution should support upload of the security configuration data for detailed assessment and analysis. Mandatory
VAPT.REQ.011 : The solution should perform intelligent port scanning for service identification running on non-standard ports and also support scanning throttling / rate limiting speed. Mandatory
VAPT.REQ.012 : The solution should be capable of Policy Compliance, Baseline Policy Scan. Mandatory
VAPT.REQ.013 : The solution should have internal security controls like different privileges for admin/operators etc., strong password etc. Mandatory
VAPT.REQ.014 : The solution should provide secure configuration document for all the platforms including implementation steps for all checks. Mandatory
VAPT.REQ.015 : The solution should allow organizations to create asset details of all servers and devices with their IP, platform details, owner, location, department and value of the asset. Mandatory
VAPT.REQ.016 : The solution should provide functionality for automated VA over network (with remote access) as also manual vulnerability assessment. Mandatory
VAPT.REQ.017 : The solution should not require any of their agents to be pre-installed in the target assets to enable automated VA. Mandatory
VAPT.REQ.018 : Bidder should capture risk profile of assets to prioritize security measures. Mandatory
VAPT.REQ.019 : Secure configuration baseline software should have the provision to add custom risks along with the value of risks. Mandatory
VAPT.REQ.020 : Configuration assessment of database should check for the items given below. This is a minimum indicative list, bidders are encouraged to check for more settings in line with best practices (SANS, NIST, CERT-IN):
a) Default passwords
b) Look for latest patches and updates
c) Test for secure authentication mechanism
d) Configuration issues
Mandatory
VAPT.REQ.021 : Configuration assessment of network & security devices should check for the items given below. This is a minimum indicative list, bidders are encouraged to check for more settings in line with best practices (SANS, NIST, CIS, CERT-IN):
a) Access Control
b) System Authentication – remote administration security, password security
c) Auditing and Logging
d) Insecure Dynamic Routing Configuration
e) Insecure Service Configuration – Unnecessary services running, SNMP service security
f) Insecure TCP/IP Parameters – source routing, IP directed broadcasts, UDP broadcast forwarding
g) Latest version not used
Mandatory
VAPT.REQ.022 : Bidder should be able to provide the following VM services. Mandatory
VAPT.REQ.023 : Provide accurate network discovery detail. Mandatory
VAPT.REQ.024 : Identify network risks and prioritize issues as H, M, L (High, Medium and Low). Mandatory
VAPT.REQ.025 : Identify Asset-Based Threat Profiles: Organizational view. Mandatory
VAPT.REQ.026 : Identify Infrastructure Vulnerabilities: Technological view. Mandatory
VAPT.REQ.027 : Identify Infrastructure Vulnerabilities: Technological view. Mandatory
VAPT.REQ.028 : Provide Protection Strategy for the Organization, Mitigation Plans for the vulnerable assets and Action lists (Immediate, Mid-term & Long term) for the near term actions. Mandatory
VAPT.REQ.029 : Configuration of all Network Equipment should be verified for any Security threats, which include the following:
1. Smurf and SYN Flood.
2. DOS Attacks.
3. Protection against Viruses / SLAMMER / Trojans etc.
a. Communication Controls.
b. Open Ports & Services.
c. Firewall/ACLs (Access Control List), Open ports/Services.
d. Whether the LAN access policy is well defined.
e. Whether redundancy of Ethernet ports is available on the servers.
f. Redundancy at power levels UPS and capacity, and recommendations.
g. Checking for Trojans and Slammer.
h. Checking of VLAN architecture and Security measures.
4. Server(s) Security Policies
a. Verification of access lists and account settings to ensure access is configured based on need to do.
b. Whether unused and default accounts are disabled.
c. Validate the key registry settings & group policies/local policies.
d. Scanner should be run to check and verify that only application-specific ports are open.
e. Unpatched vulnerabilities in the operating system of the critical and important servers, especially Mail Server, Proxy Servers, Database Servers, DNS Servers, DHCP Servers.
f. Does the Server setup perform proper authentication to suit the risk associated with their access?
g. Assessing the security segmentation of the different risk levels of servers and users.
h. Verifying the High Availability of the Enterprise Servers like Mail server, Department’s critical Application Server, Proxy server and Primary Domain Controller (PDC).
i. Shared resources present with insecure permission.
j. Assessing the permission assigned to critical system files and folders.
k. Verification of audit logs settings.
l. Password and account lockout policy settings.
m. Non-essential services running on servers.
n. Whether servers are updated with latest service packs and patches.
o. Whether servers are updated with latest security patches.
5. Network Devices
a. Whether logs and debug information are properly time stamped.
b. Insecure RIP Configuration.
c. Insecure OSPF Configuration.
d. Insecure BGP configuration.
e. Verification of the use of default SNMP community strings
6. Security Devices
a. AAA authentication for enable mode
b. AAA authentication for console
c. Unencrypted remote administration
d. High authentication proxy-limit
e. Fragment protection
7. Desktop Security
a. Vulnerability scanning of desktop systems
b. Observe, analyze and assess the operations being performed from desktop system
c. Analyze the vulnerability scanning report
d. Detailed report on findings with suggestions and recommendations.
e. Anti-malware control on the workstations
Mandatory
VAPT.REQ.030 : The assessment should check for various categories of threat to the network including: Mandatory
VAPT.REQ.031 : 1. Unauthorized access into the network and extent of such access possible
2. Unauthorized modifications to the network and the traffic flowing over network
3. Extent of information disclosure from the network
4. Spoofing of identity over the network
5. Possibility of denial of services
6. Possible threats from malicious codes (viruses and worms)
7. Effectiveness of Virus Control system
a. In E-mail gateways
b. In usage of other media – Floppies/CD/USB – ports
c. Control over network points
d. Can visitor plug in laptops / devices?
e. Control over access Time, station, dial-up and so on.
8. Possibility of traffic route poisoning
9. Configuration issues related to access lists, account settings
10. Whether the IOS is the latest and has not appeared in the Security Advisories
11. Vulnerabilities assessment of routers, switches, IPS and other network devices against hardening standards of the organization.
Mandatory
VAPT.REQ.032 : Access Control: every router / switch should be checked for the following configuration standards: Mandatory
VAPT.REQ.033 : 1. Whether routers / switches are using the AAA model for all user authentication
2. Whether the enable password on the routers / switches is in secure encrypted form
3. Whether it meets the password policy with minimum Characters in length
4. Whether local and remote access to the Networking devices are limited & restricted.
Mandatory
VAPT.REQ.034 : Validate following services for security, effectiveness and efficiency on all Network devices:
1. IP directed broadcasts
2. Incoming packets at the router sourced with invalid addresses such as RFC1918 address
3. TCP small services
4. UDP small services
5. All source routing
6. All web services running on router
7. What standardized SNMP community strings are used
8. Logging & Auditing
9. Execution of wireless network scans in the network
10. Assessing presence of any broadband internet connections, wireless data-cards and phone modems.
Mandatory
VAPT.REQ.035 : Open ports, vulnerable services running on remote host. Mandatory
VAPT.REQ.036 : Attempt to guess passwords using password cracking tools or brute forcing. Mandatory
VAPT.REQ.037 : Search for back door trap in the application / server. Mandatory
VAPT.REQ.038 : Attempt to overload the system using DDoS & DoS at application level. Mandatory
VAPT.REQ.039 : Check for commonly known holes in the software like browser based vulnerabilities, email application / flash etc. Mandatory
VAPT.REQ.040 : Check for common vulnerabilities (vulnerabilities list should be based on OWASP TOP 10/SANS 25 list) and should include issues like data validation, business rule transgression, file upload, CSRF, IP spoofing, buffer overflows, session hijacks, account spoofing, frame spoofing, caching of web pages, cross site scripting, SQL injection, stealing password of other users, session management, stealing of sensitive data etc. Mandatory
VAPT.REQ.041 : Check for vulnerabilities that could be exploited for website defacement & unauthorized modification of internet website. Mandatory
VAPT.REQ.042 : Secured Server authentication procedures. Mandatory
VAPT.REQ.043 : Review logical access to core applications, OS, databases, network segments. Mandatory
VAPT.REQ.044 : Review logical access to Department’s web application, OS, database, network, physical access control hosted at ISP’s premises. Mandatory
VAPT.REQ.045 : Program change management and Version control checks. Mandatory
VAPT.REQ.046 : Weak SSL certificate and ciphers. Mandatory
VAPT.REQ.047 : Configuration checks for OS, Web Server, Application Frameworks, and DB. Mandatory
VAPT.REQ.048 : DB access and database security should be segregated from application. Mandatory
VAPT.REQ.049 : Load Balancer to be checked for transparent transfer. Mandatory
VAPT.REQ.050 : The system should be under warranty for minimum 3 years along with support service. Mandatory
VAPT.REQ.051 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Anti-Advanced Persistent Threat

Standard id Standard Classification
AAPT.REQ.001 : The solution should be able to inspect and block all network sessions regardless of protocols for suspicious activities or files at various entry/exit sources to the network. Mandatory
AAPT.REQ.002 : The solution should be able to work in inline mode and protect against Advanced Malware, zero-day web exploits and targeted threats without relying on signature database. Mandatory
AAPT.REQ.003 : The solution should be able to identify malware present in network file shares and web objects (EXE, DLL, PDF, Microsoft Office Documents), Java (.jar and class files), embedded objects such as JavaScript, Flash, images etc., compressed (zip) and encrypted (SSL) content. Mandatory
AAPT.REQ.004 : The solution should be able to block malware downloads over different protocols. Mandatory
AAPT.REQ.005 : The solution should be able to identify spear phishing email containing malicious URLs and attachments that bypass the anti-SPAM technologies. Mandatory
AAPT.REQ.006 : The solution should have Sandbox test environment which can analyze threats to various operating systems, browsers, databases etc. Mandatory
AAPT.REQ.007 : The solution should support both inline and out of the band mode. Mandatory
AAPT.REQ.008 : The solution should be able to detect and prevent bot outbreaks including identification of infected machines. It is expected that Bidder will quote best of the breed solution that can detect and protect Department against zero day and advanced stealth malware attacks, non-signature based threats and data exfiltration through different threat vectors. Mandatory
AAPT.REQ.009 : The solution should be appliance based with hardened OS. No information should be sent to third party systems for analysis of malware automatically. Mandatory
AAPT.REQ.010 : The solution should be able to block the call back tunnel including fast flux connections. Mandatory
AAPT.REQ.011 : The solution should be able to capture packets for deep dive analysis. Mandatory
AAPT.REQ.012 : The solution should be able to pinpoint the origin of attack. Mandatory
AAPT.REQ.013 : The solution should be able to conduct forensic analysis on historical data. Mandatory
AAPT.REQ.014 : Dashboard should have the feature to report Malware type, file type, CVE ID, Severity level, time of attack, source and target IPs, IP protocol, Attacked ports, Source hosts etc. Mandatory
AAPT.REQ.015 : The solution should generate periodic reports on attacked ports, malware types, types of vulnerabilities exploited etc. Mandatory
AAPT.REQ.016 : The solution should be able to export event data to the SIEM or Incident Management Systems. Unified security cannot be achieved without integration between the different security components; the bidder is therefore expected to design the security architecture so that it protects the Department infrastructure in the best possible way without resulting in vendor lock-in or reliance on proprietary standards / features. The level and depth of integration has to be proposed by the bidder. Mandatory
AAPT.REQ.017 : Solution should be able to monitor encrypted traffic. Mandatory
AAPT.REQ.018 : The management console should be able to provide information about the health of the appliance such as CPU usage, traffic flow etc. The APT solution should have sufficient RAM & HDD considering the Department requirements. Mandatory
AAPT.REQ.019 : The solution should display the geo-location of the remote command and control server. Mandatory
AAPT.REQ.020 : The solution should be able to integrate with Active Directory / LDAP to enforce user based policies. Mandatory
AAPT.REQ.021 : The system should be under warranty for minimum 3 years along with support service. Mandatory
AAPT.REQ.022 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Data Leakage Prevention System

Standard id Standard Classification
DLP.REQ.001 : The Solution should have Centralized Management, web based console for System Administration Mandatory
DLP.REQ.002 : The solution should integrate with the existing LDAP for Authentication and provide Administrative roles based on LDAP groups. Mandatory
DLP.REQ.003 : The solution should have Secure Storage of System Passwords and Data Repository. Mandatory
DLP.REQ.004 : The solution should maintain audit logs that track administrator activity within the DLP suite that can provide details on policy modifications, logins, and other administrative activity. The following details should be logged-
a) creation, deletion, and updating of DLP groups
b) creation, deletion, and updating of DLP user roles
c) changes to the configuration of DLP Network, including creating, deleting, or modifying the configuration
d) all logins to the centralized web console
e) creation, deletion, and updating of DLP policies
Mandatory
DLP.REQ.005 : The solution should have Ability to deploy temporary agents for scanning and support incremental scans to speed up the scanning time Mandatory
DLP.REQ.006 : The solution should provide a very fine grained access control allowing creation of roles with any combination of permissions Mandatory
DLP.REQ.007 : The solution should have feature to create a role with access to system administration functions but not to policy, incident, or employee information. Mandatory
DLP.REQ.008 : The solution should have feature to create a role to have the ability to author policies but not to deploy them live on the network. Mandatory
DLP.REQ.009 : The solution should have feature to create a role that allows users to view incidents but not to modify or remediate them. Mandatory
DLP.REQ.010 : Feature to create a role that has the ability to see summary reports, trend reports and high-level metrics without the ability to see individual incidents. Mandatory
DLP.REQ.011 : Pre-Built Described Content Definitions, dictionaries with Contextual Criteria, Proximity Criteria, Weighting Criteria, Fingerprinting, Fingerprinting Crawler with definable parameters, Databases Fingerprinting with Ability to select Must Have and May have columns. Detection of Encrypted Files and Password protected files Mandatory
DLP.REQ.012 : The solution should detect based on file content and not file extension. The solution should not modify or add to the actual content in any case unless it requires encryption and/or quarantining Mandatory
DLP.REQ.013 : The solution should have Out of the box predefined Policies. Mandatory
DLP.REQ.014 : The solution should have Custom Policy definition upon File type (extension and true file type) , Network Destination - sender/recipient IP and/or email address, Transmission attributes, protocol types, Identity per LDAP user and groups, content type, Risk and Severity Mandatory
DLP.REQ.015 : System should allow for configurable scoring of incident severity based on the following –
a. Amount of data records exposed
b. Specific senders or recipients
c. Network protocol
d. Specific records that were exposed
e. Specific documents that were exposed
f. Custom Active Directory attribute
g. Network Source and Destination
Mandatory
DLP.REQ.016 : The solution should support inclusion and exclusion detection rules based on corporate directory data to enforce policy based on attribute of senders or receivers such as business unit, department, job level, employment status, security clearance, geography, or employee vs. contractor Mandatory
DLP.REQ.017 : The solution should have predefined detection policies to cover regulatory and detection best practices, including pre-defined lexicons for commonly required regulations Mandatory
DLP.REQ.018 : The solution should support fingerprinting along with described content Mandatory
DLP.REQ.019 : The solution should allow creating policies applicable to individual users or groups as a whole. It should be possible to define exceptions for individual users in a group when the policy is defined for the whole group Mandatory
DLP.REQ.020 : The same policy should be applicable for the defined content in all possible locations as described above - data at rest, data in motion and data in use Mandatory
DLP.REQ.021 : The policy should be able to apply different actions when a particular endpoint is within the company network and while it is not connected to the network. The scanning capabilities should not differ in both the modes Mandatory
DLP.REQ.022 : The solution should provide identical detection capabilities across all threats covered (e.g., for both network and endpoint based products, and for both data monitoring and prevention and data discovery and protection) Mandatory
DLP.REQ.023 : Support segregated mechanism to define policy and content definition, allowing the same content discovery definition to be used by multiple policies and each policy to act on multiple content discovery definitions Mandatory
DLP.REQ.024 : The solution should provide a SINGLE web based interface for ALL aspects of policy editing and policy management, across all products (across monitoring and prevention and across network and endpoint) Mandatory
DLP.REQ.025 : The solution should protect data on move e.g. SMTP including attachments, POP3 including attachments, IMAP, HTTP including file uploads, FTP, IM protocols (AIM, Yahoo, MSN, Google) and properly classify tunneled IM traffic (HTTP) Mandatory
DLP.REQ.026 : For each of the Internet gateways for SMTP and web traffic dedicated appliances should be provided to monitor and manage any remediation locally without requiring sending the traffic back to a remote server Mandatory
DLP.REQ.027 : The solution should be able to quarantine any mail that violates DLP policies and notification should be sent to inform for either a self-release of the quarantine mail or by the manager or automated release/drop within a specified time-period Mandatory
DLP.REQ.028 : Support scanning Windows file systems, Unix File Systems, Storage devices, MS SharePoint, WebDAV, archived and stored emails and RDBMS Mandatory
DLP.REQ.029 : Definable Scan Schedules and Scan windows (ex: pause & resume) Mandatory
DLP.REQ.030 : Ability to meter the scanning speed to ensure optimal resource usage, balance scan load across multiple scanning systems and ability to dynamically commission additional scanning systems to increase scan performance Mandatory
DLP.REQ.031 : Preserve file attributes including 'last accessed' attribute Mandatory
DLP.REQ.032 : The solution should support full and partial text fingerprinting and full binary fingerprinting Mandatory
DLP.REQ.033 : The system should be under warranty for minimum 3 years along with support service. Mandatory
DLP.REQ.034 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Network Access Control

Standard id Standard Classification
NAC.REQ.001 : The solution must be deployable using an integrated single appliance supporting all the features and functionalities (multiple appliances may only be used to increase scalability and/or support high-availability). Mandatory
NAC.REQ.002 : The offered solution must be physical appliance based. Mandatory
NAC.REQ.003 : The solution should discover any new network device entering the network and permit network access based upon the policy for this network device. Mandatory
NAC.REQ.004 : The solution should provide access solution for guests and visitors. The solution should support Captive portal based solution for these classes of users. Mandatory
NAC.REQ.005 : The solution should be able to restrict any unmanaged device in the network and should be able to provide LAN and guest users access to network resources based on policy-based (authentication, posture check, firewall) rules. Mandatory
NAC.REQ.006 : The solution should have a provision to support non-NAC capable hosts (i.e., printers, IP phones, etc.) based on MAC address or other parameter and it should support exception lists for non-NAC capable hosts. Mandatory
NAC.REQ.007 : The solution should support logs for all activities Mandatory
NAC.REQ.008 : The solution should provide real time alerts. Mandatory
NAC.REQ.009 : The solution must support multiple operating systems Windows Client Operating System, Windows Server Operating System, Apple MAC client operating system. Mandatory
NAC.REQ.010 : The offered solution must have HA (High Availability) implemented. Failure of a single device should not affect the functionality of the overall solution. Mandatory
NAC.REQ.011 : Platform must be deployable in out-of-band model. Should not add bottlenecks / more overheads to existing network operations and performance. Mandatory
NAC.REQ.012 : Solution must be agnostic to existing wired, wireless and VPN network in place today and it must support any type of networking equipment (wired, wireless, VPN). Mandatory
NAC.REQ.013 : Should dynamically set VLANs on the switch ports according to the policies set for the devices connected to it. Mandatory
NAC.REQ.014 : Solution must validate List of Allowed Applications running on the Machine [Mandatory and Optional] with User Notification and Auto-Remediation. Mandatory
NAC.REQ.015 : The solution must support the following authentication methods:
1. 802.1X Authentication
2. Agent-Based
3. Agent-less Authentication/ captive portal
Mandatory
NAC.REQ.016 : The solution must support the following enforcement technologies:
1. VLAN steering
2. Access control lists
3. Vendor-specific RADIUS attribute. Solution must support access based on device type and ownership
Mandatory
NAC.REQ.017 : Should support AAA Server Functionalities Mandatory
NAC.REQ.018 : Management and administration functionalities Mandatory
NAC.REQ.019 : The offered solution must be complete so as to support central management if multiple appliances/servers are involved. Mandatory
NAC.REQ.020 : Should support GUI-based management. Mandatory
NAC.REQ.021 : The solution must be able to generate report for the following parameters:
1. PCs complied with the NAC Policy
2. PCs quarantined
3. Guest PCs connected
4. Network devices connected
Mandatory
NAC.REQ.022 : Must support searching of Devices by MAC Address / IP Address /Device Name. Mandatory
NAC.REQ.023 : Solution must correlate and organize user, authentication and device information together for easier troubleshooting. Mandatory
NAC.REQ.024 : Solution should support MAC based 802.1X authentication Mandatory
NAC.REQ.025 : Should provide information regarding the endpoint connected to switch, MAC address, IP address and VLANs. Mandatory
NAC.REQ.026 : All assets should be checked against the policies set & should classify hosts as compliant & non-compliant. Mandatory
NAC.REQ.027 : The system should be under warranty for minimum 3 years along with support service. Mandatory
NAC.REQ.028 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Conference Room – LED Display

Standard id Standard Classification
LCD.REQ.001 : LED Mandatory
LCD.REQ.002 : Minimum 65" Mandatory
LCD.REQ.003 : Full HD, 1920 x 1080 Mandatory
LCD.REQ.004 : Power On/Off with LED Mandatory
LCD.REQ.005 : 2 (Minimum) Mandatory
LCD.REQ.006 : 3 (Minimum) Mandatory
LCD.REQ.007 : Built In Mandatory
LCD.REQ.008 : LED Mandatory
LCD.REQ.009 : Automatic NTSC/PAL; 31.5 ~ 80 KHz (Horizontal) ; 56 ~ 75 Hz (Vertical) Mandatory
LCD.REQ.010 : BNC (Composite Video) – 2 channels (looping); 4-Pin Mini DIN (Y/C Video) DVI-I, 15-pin D-Sub for VGA/SXGA Audio Inputs PC Audio (mini jack) Video Audio (2 channels RCA - looping), HDMI 4 (Rear), Mandatory
LCD.REQ.011 : AC Input – 100 to 240V ~ 0.5A, 50/60Hz Mandatory
LCD.REQ.012 : Detachable Mandatory
LCD.REQ.013 : DVI-I/SXGA/XGA/VGA Mandatory
LCD.REQ.014 : 16.7 Million Mandatory
LCD.REQ.015 : 140º horizontal, 160º vertical Mandatory
LCD.REQ.016 : 41° to 104° F (5° to 40° C) Mandatory
LCD.REQ.017 : 30% to 80% relative, non-condensing Mandatory
LCD.REQ.018 : FCC: Part 15, Class B Mandatory
LCD.REQ.019 : Suitable mounting fixture/ stand to be provided Mandatory
LCD.REQ.020 : The system should be under warranty for minimum 3 years along with support service. Mandatory
LCD.REQ.021 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

General

Standard id Standard Classification
VWCCC.REQ.001 : The large display wall shall be consisting of multiple rear projection modules in required rows and required columns configuration and behaving as a single logical screen. Mandatory
VWCCC.REQ.002 : Display Unit/Rear Projection Module must be based on Single Chip DLP-based Rear Projection Technology 3 separate color (Red, Green & Blue) LED lit, without any color wheel. Mandatory
VWCCC.REQ.003 : The display unit/rear projection modules shall have in-built illumination system Mandatory
VWCCC.REQ.004 : The diagonal size of each visual display unit/rear projection module shall be 60". Mandatory
VWCCC.REQ.005 : 1920 X 1080 pixels (Full HD) Mandatory
VWCCC.REQ.006 : 16:9 for each projection module Mandatory
VWCCC.REQ.007 : LED - RGB (1 each of 12 sqmm surface area). Multiple LEDs of each colour to achieve 12 sqmm area is not acceptable Mandatory
VWCCC.REQ.008 : In case of failure of any 1 or 2 LED lamp, it should be possible to display the Image with available 1 or 2 to continue the display and automatically switch the original display color into other available colors. Mandatory
VWCCC.REQ.009 : Natural Cooling Mandatory
VWCCC.REQ.010 : should be minimum 500 lumens Mandatory
VWCCC.REQ.011 : ≥ 95% Mandatory
VWCCC.REQ.012 : ≥1500:1 Mandatory
VWCCC.REQ.013 : >600,000:1 Mandatory
VWCCC.REQ.014 : The screen should have adjustable low inter screen gap <1mm to give seamless viewing experience. Mandatory
VWCCC.REQ.015 : 125% of NTSC / 165% of EBU Recommended
VWCCC.REQ.016 : Shall offer in excess of 16.7 million colors. Mandatory
VWCCC.REQ.017 : Burn free, shall have Glass Backing to prevent deformation Mandatory
VWCCC.REQ.018 : Full viewing angle should be minimum 178 degrees Mandatory
VWCCC.REQ.019 : Horizontal : ±35 degrees Mandatory
VWCCC.REQ.020 : Vertical: ±27 degrees Mandatory
VWCCC.REQ.021 : Inbuilt internal splitter which can provide a complete computer or Video image with loop in loop out Mandatory
VWCCC.REQ.022 : Should be customized as per project requirements Mandatory
VWCCC.REQ.023 : 720x400/70Hz, 85Hz
VGA/60Hz, 72Hz, 75Hz, 85Hz
SVGA/60Hz, 70Hz, 75Hz, 85Hz
XGA/60Hz, 70Hz, 75Hz, 85Hz
WXGA (1280x768)/60Hz
SXGA+/60Hz, 70Hz, 75Hz
WUXGA+/60Hz
UXGA/60Hz, 65Hz, 75Hz
QXGA/60Hz (reduced blanking)
Recommended
VWCCC.REQ.024 : System shall automatically search the source which has input signal after signal plug-in. Mandatory
VWCCC.REQ.025 : System should be able to switch to secondary DVI input if primary DVI input is not available. System should also automatically switch back to primary DVI from secondary DVI input as soon as primary DVI input is available again. Mandatory
VWCCC.REQ.026 : 10 bit motion adaptive interlacing for HD and SD
Detail enhancement (H, V peaking).
Adaptive detail enhancement featuring sharpness and texture enhancement (STE)
Enhanced noise reduction with Mosquito noise reduction (MNR) and Block Artifact Reduction (BAR)
Mandatory
VWCCC.REQ.027 : >80,000 Hours Mandatory
VWCCC.REQ.028 : Dynamic control Mandatory
VWCCC.REQ.029 : Instant hot restart Mandatory
VWCCC.REQ.030 : System shall operate properly under 5ºC to 50ºC temperature Mandatory
VWCCC.REQ.031 : -10°C to +60°C Mandatory
VWCCC.REQ.032 : 10% to 90% Mandatory
VWCCC.REQ.033 : The system should be under warranty for minimum 3 years along with support service. Mandatory
VWCCC.REQ.034 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Video Wall Controller

Standard id Standard Classification
VWC.REQ.001 : Controller to control Display module in a matrix of required with outputs, video inputs and Universal inputs along with necessary software Mandatory
VWC.REQ.002 : Single or Dual Quad Core Intel® Xeon 64-bit 2.0 GHz CPU Recommended
VWC.REQ.003 : Minimum 16GB and Should be upgradable up to 192 GB 1333 DDR3 ECC Registered memory Mandatory
VWC.REQ.004 : 7 slots PCI-E 2.0 Mandatory
VWC.REQ.005 : Minimum 4 TB Hard Disk
Minimum Support up to 4 Hard disk should be available
Hard disk Capacity should be upgradable
Mandatory
VWC.REQ.006 : RAID 0, 1, 5, 10 support (Windows) Mandatory
VWC.REQ.007 : Dual-port Gigabit Ethernet Controller inbuilt
Support for Add on Network adapters
Support for Optical Fiber interface Adapters
Mandatory
VWC.REQ.008 : Serial ATA
* Six Serial ATA ports
* Six SATA hard drives supported.
IDE.
* Single EIDE channel supports up to two UDMA IDE devices (IDE-M, IDE-S) including CF (Compact Flash) Card (IDE-S)
* Supports UDMA Mode 5, PIO Mode 4, and ATA/100.
LAN.
* 2x RJ45 LAN ports
* 1x RJ45 Dedicated IPMI LAN port.
USB.
* 6x USB rear ports
* 1x USB on-board
* 2x USB internal headers (3 ports)
* Total 10 USB 2.0 Compliant.
VGA
* 1x VGA Port
Keyboard / Mouse
* PS/2 keyboard and mouse ports
Serial Port / Header
* 1 Fast UART 16550 serial port
* 1 Fast UART 16550 serial header (Option)
Mandatory
VWC.REQ.009 : IEEE 1394a
* 2x IEEE 1394a ports (1x header)
* ACPI Power Management
* Main Switch Override Mechanism
* Wake-On-Ring (WOR) header
* Wake-On-LAN (WOL) header
* Power-on mode for AC power recovery
* Internal / External modem remote ring-on
Mandatory
VWC.REQ.010 : The system should be under warranty for minimum 3 years along with support service. Mandatory
VWC.REQ.011 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Video Wall Management Software

Standard id Standard Classification
VWS.REQ.001 : Should support multi-client/console control of the wall layouts Mandatory
VWS.REQ.002 : Software should enable the user to display multiple sources up to any size and anywhere on the display wall. Mandatory
VWS.REQ.003 : Software should support to control the Brightness, Contrast, Saturation, Hue, filtering, Crop and Rotate function as per user requirement Mandatory
VWS.REQ.004 : RS232 & TCP/IP support should be available for other interfaces Mandatory
VWS.REQ.005 : Wall can be controlled from a remote PC through LAN Mandatory
VWS.REQ.006 : Software should support auto source detection Mandatory
VWS.REQ.007 : Should support Video, RGB, DVI, Internet Explorer, Desktop Application and Remote Desktop Monitoring Layouts Mandatory
VWS.REQ.008 : Software should be able to save and load desktop layouts from local or remote machines Mandatory
VWS.REQ.009 : All the layouts can be scheduled as per user convenience.
Software should support auto launch of layouts according to a time event specified by the user
Mandatory
VWS.REQ.010 : VNC Mandatory
VWS.REQ.011 : LAN Mandatory
VWS.REQ.012 : At least 4k x 2k Mandatory
VWS.REQ.013 : Display of multiple sources up to any size, everywhere on the wall Mandatory
VWS.REQ.014 : Software should enable the user to select the following views
Primary Display
Secondary Display
Full Desktop
Selected region
Selected application
Mandatory
VWS.REQ.015 : The system should be under warranty for minimum 3 years along with support service. Mandatory
VWS.REQ.016 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Desktop

Standard id Standard Classification
DTP.REQ.001 : To be provided by bidder Mandatory
DTP.REQ.002 : To be provided by bidder Mandatory
DTP.REQ.003 : OEM – ISO 9001 Manufacturer, Certified on supplied OS, DMI 2.0 compliance and support, Energy Star 5, UL certification, Recommended
DTP.REQ.004 : Minimum Intel Core i5, 2.2 GHz, 3 MB Cache, Latest generation Mandatory
DTP.REQ.005 : Latest Intel/OEM Motherboard Mandatory
DTP.REQ.006 : Minimum 8 GB DDR4 RAM with 32 GB Expandability Mandatory
DTP.REQ.007 : Minimum 128 GB SSD and 1 TB 7200 Serial ATA HDD or higher. Or Full 500 GB (minimum) SSD storage drive Mandatory
DTP.REQ.008 : 47 cm (18.5 inch) or larger TFT/LED Digital Color Monitor. Mandatory
DTP.REQ.009 : 3 Nos. or above. Mandatory
DTP.REQ.010 : OEM Mechanical Keyboard with 104 keys Mandatory
DTP.REQ.011 : Optical with USB interface. Mandatory
DTP.REQ.012 : DVD RW (Minimum 16x) or higher Mandatory
DTP.REQ.013 : Micro/ Micro USFF/ All in One Mandatory
DTP.REQ.014 : Minimum 4 USB Ports (with at least 2 in front/side), 1 Serial audio port for microphone and headphone in front. Mandatory
DTP.REQ.015 : 10/100/1000 on board integrated Network Port with remote booting facility remote system installation, remote wake up. Mandatory
DTP.REQ.016 : Integrated Audio and Graphic Controller Mandatory
DTP.REQ.017 : ACPI (Advanced Configuration and Power Management Interface) Mandatory
DTP.REQ.018 : Genuine latest Windows 10 professional preloaded with Media and Documentation and Certificate of Authenticity Mandatory
DTP.REQ.019 : English and Bangla Mandatory
DTP.REQ.020 : Open office or better Mandatory
DTP.REQ.021 : Minimum 3 Years (Comprehensive Onsite) Mandatory
DTP.REQ.022 : The system should be under warranty for minimum 3 years along with support service. Mandatory
DTP.REQ.023 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Laptops

Standard id Standard Classification
LAP.REQ.001 : To be provided by bidder Mandatory
LAP.REQ.002 : To be provided by bidder Mandatory
LAP.REQ.003 : At least Intel Core i5 (Speed 2.1 GHz; Cache Memory 3 MB), Latest Generation Mandatory
LAP.REQ.004 : Latest mobile Intel/OEM Motherboard Mandatory
LAP.REQ.005 : Minimum 8 GB DDR4 RAM with 32 GB Expandability Mandatory
LAP.REQ.006 : Integrated Graphics Controller Mandatory
LAP.REQ.007 : Integrated Sound Controller with speakers (built-in) Mandatory
LAP.REQ.008 : Gigabit Ethernet, Wireless LAN 802.11 b/g/n, Bluetooth Mandatory
LAP.REQ.009 : Minimum 128 GB SSD and 1 TB 7200 Serial ATA HDD or higher. Or Full 500 GB (minimum) SSD storage drive Mandatory
LAP.REQ.010 : Built in DVD - RW Drive (Dual layer) Mandatory
LAP.REQ.011 : Minimum
1 X USB 3.0 ports
2 X USB 2.0 ports
1 X VGA port
HDMI/ DVP/ DP
Audio in, Audio Out
Mandatory
LAP.REQ.012 : 11.1 or 15.5" LED (as per requirement) Mandatory
LAP.REQ.013 : Advanced Power Management feature Mandatory
LAP.REQ.014 : keypad with palm rest, touch pad with scroll/ track point Recommended
LAP.REQ.015 : Scratch resistant chassis Mandatory
LAP.REQ.016 : Minimum 10 points touch screen display Recommended
LAP.REQ.017 : Minimum 4 hours battery backup under standard working conditions using Lithium ion rechargeable battery Mandatory
LAP.REQ.018 : AC Power adaptor and good quality carry case Mandatory
LAP.REQ.019 : Genuine latest Windows 10/11 professional SP1 (64 Bits) preloaded with Media and Documentation and Certificate of Authenticity Mandatory
LAP.REQ.020 : Open Office or better Mandatory
LAP.REQ.021 : English and Bangla Mandatory
LAP.REQ.022 : The system should be under warranty for minimum 3 years along with support service. Mandatory
LAP.REQ.023 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Tablets

Standard id Standard Classification
TAB.REQ.001 : To be specified by the Bidder Mandatory
TAB.REQ.002 : To be specified by the Bidder Mandatory
TAB.REQ.003 : The handheld device shall have the capability to allow users to access app stores, emails and other mobility functionalities Mandatory
TAB.REQ.004 : The device should be handy, lightweight (not more than 550 gms including battery) and small in size for ease of portability. The device should be very compact and reliable in design to make it immune to any type of vibrations and shocks in normal field activity. Mandatory
TAB.REQ.005 : At least one mini USB / USB interface to allow data sync Mandatory
TAB.REQ.006 : At least 1 GHz, Quad Core Mandatory
TAB.REQ.007 : Latest version available for Android or Windows or Apple OS Mandatory
TAB.REQ.008 : at least 1GB DDR 3 or better Mandatory
TAB.REQ.009 : at least 16GB memory Mandatory
TAB.REQ.010 : At least 32GB support (optional) Mandatory
TAB.REQ.011 : Primary camera should be at least 5 megapixel Mandatory
TAB.REQ.012 : At least 7 inch TFT / LCD screen or better Mandatory
TAB.REQ.013 : At least Wifi 802.11 b/g/n, GPRS, Edge and 3G facility Mandatory
TAB.REQ.014 : Battery should last at least 8 hours. The device should have low-battery detection and automatic cutoff feature to avoid further drain of the battery. The device must come with an integrated intelligent fast charge capability that allows for full charge in 5 hours or better (preferable). The device should support AC and DC battery charging, with provision for charging through USB interface as well Mandatory
TAB.REQ.015 : The Tablet must have an option to be integrated with a separate key board if required Mandatory
TAB.REQ.016 : Minimum of 8 lines * 20 characters LCD / LED with backlight The Display should be LCD / LED with minimum 128X128 Pixels Mandatory
TAB.REQ.017 : Support for real time clock with a minimum of 10 years battery backup Mandatory
TAB.REQ.018 : Device should be operational from 5° Celsius to 50° Celsius. Device should be water resistant and shock resistant. 5% to 90% relative humidity, non-condensing Mandatory
TAB.REQ.019 : Should support standards such as IEC – 529 – Degree of Protection provided by enclosures, IS : 12063 : 1987 – Classification of Degree of Protection provided by enclosures of electrical items, IS 9000: 1979 – Basic environmental testing procedure for electronic & electronic items, IEC – 1000 – Electromagnetic compatibility, IEC – 1000-4-2 : 1995 – Electrostatic discharge immunity test, IEC – 1000–4-3 : 195 – Radiated, radio – frequency electromagnetic field immunity test, Magnetic immunity test, CISPR 22 – Limits and method of measurement of radio disturbance characteristics of information technology equipment. Device should be RoHS compliant. PCI PED Compliance. ISO8583/SDLC compliant. 3DES, AES, RSA, DUKPT Key Management. ISO7816 compliant Mandatory
TAB.REQ.020 : Device to be ergonomically designed and be provided with suitable holding strap for proper gripping and have a case to carry the device. Mandatory
TAB.REQ.021 : The device must be protected against a static discharge without loss of data. Mandatory
TAB.REQ.022 : Functional after drop from 3 feet on concrete floor Mandatory
TAB.REQ.023 : Comprehensive on-site warranty for the contract period. Warranty to cover both hardware and software. Mandatory
TAB.REQ.024 : English and Bangla Mandatory
TAB.REQ.025 : Biometric access to the device (preferably) Mandatory
TAB.REQ.026 : Should support GSM/GPRS for connecting to the MTS system for data exchange Other networks: WiFi, TCP/IP Mandatory
TAB.REQ.027 : Should be able to update the application on-air Mandatory
TAB.REQ.028 : The system should be under warranty for minimum 3 years along with support service. Mandatory
TAB.REQ.029 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

UPS

Standard id Standard Classification
UPS.REQ.001 : To be provided by bidder Mandatory
UPS.REQ.002 : To be provided by bidder Mandatory
UPS.REQ.003 : 1 KVA Mandatory
UPS.REQ.004 : Voltage Range 155 – 280 V on Full Load Voltage Range 110 – 280 V on less than 70% Load Mandatory
UPS.REQ.005 : 230 +/- 1% Pure Sine Wave Mandatory
UPS.REQ.006 : 0.8 or higher power factor Mandatory
UPS.REQ.007 : Sealed Maintenance Free Battery, Mains & Battery with necessary indicators, alarms and protection with proper battery storage stand Mandatory
UPS.REQ.008 : 50 Hz +/- 10%, 50Hz +/- 0.1%; Mandatory
UPS.REQ.009 : Minimum 3:1 Mandatory
UPS.REQ.010 : < 3% Mandatory
UPS.REQ.011 : < 10% Mandatory
UPS.REQ.012 : Minimum 90% on Full Load; Mandatory
UPS.REQ.013 : < 55 db; Mandatory
UPS.REQ.014 : at least 120 minutes Mandatory
UPS.REQ.015 : 3 years onsite comprehensive warranty UPS & battery Mandatory
UPS.REQ.016 : ISO 9001, 14001 & CE Mandatory
UPS.REQ.017 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Multi-function printers

Standard id Standard Classification
MFD.REQ.001 : To be provided by bidder Mandatory
MFD.REQ.002 : To be provided by bidder Mandatory
MFD.REQ.003 : Up to 25 ppm (A4) Mandatory
MFD.REQ.004 : Up to 600 x 600 dpi Mandatory
MFD.REQ.005 : Up to 8000 pages Mandatory
MFD.REQ.006 : Yes Mandatory
MFD.REQ.007 : Print, Copy, Scan & Fax Mandatory
MFD.REQ.008 : Yes (Minimum 10/100 Mbps) Mandatory
MFD.REQ.009 : Yes Mandatory
MFD.REQ.010 : Minimum 256 MB Mandatory
MFD.REQ.011 : 500 MHz or higher Mandatory
MFD.REQ.012 : Windows/ Linux OS Mandatory
MFD.REQ.013 : USB 2.0 or 3.0 as per requirement Mandatory
MFD.REQ.014 : USB & power cable Mandatory
MFD.REQ.015 : The system should be under warranty for minimum 3 years along with support service. Recommended
MFD.REQ.016 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Color Printers

Standard id Standard Classification
CP.REQ.001 : To be provided by bidder Mandatory
CP.REQ.002 : To be provided by bidder Mandatory
CP.REQ.003 : Up to 15 ppm (A4) Mandatory
CP.REQ.004 : Up to 600 x 600 dpi Mandatory
CP.REQ.005 : Up to 50000 pages Mandatory
CP.REQ.006 : Yes Mandatory
CP.REQ.007 : A4, Legal, letter, envelope etc. Mandatory
CP.REQ.008 : Yes (Minimum 10/100 Mbps) Mandatory
CP.REQ.009 : Yes Mandatory
CP.REQ.010 : Minimum 256 MB Mandatory
CP.REQ.011 : USB 2.0 Mandatory
CP.REQ.012 : Windows/ Linux Operating System Mandatory
CP.REQ.013 : USB & power cable and driver CD for Linux and Windows Mandatory
CP.REQ.014 : The system should be under warranty for minimum 3 years along with support service. Mandatory
CP.REQ.015 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Barcode printer

Standard id Standard Classification
BAS.REQ.001 : To be provided by bidder Mandatory
BAS.REQ.002 : To be provided by bidder Mandatory
BAS.REQ.003 : USB Mandatory
BAS.REQ.004 : 203 dpi Mandatory
BAS.REQ.005 : 4 ips Mandatory
BAS.REQ.006 : Thermal transfer/ Direct thermal Mandatory
BAS.REQ.007 : PCX, BMP and others Mandatory
BAS.REQ.008 : Starting 25 mm Mandatory
BAS.REQ.009 : Roll stock, Fanfold, Tag stock Mandatory
BAS.REQ.010 : Minimum 2 MB flash and 4 Mb SDRAM Mandatory
BAS.REQ.011 : Windows/ Linux Mandatory
BAS.REQ.012 : 1D/ GS1 databar; 2D/ Composite codes; QR codes and true type fonts Mandatory
BAS.REQ.013 : Stacker, cutter Mandatory
BAS.REQ.014 : The system should be under warranty for minimum 3 years along with support service. Mandatory
BAS.REQ.015 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Barcode scanner

Standard id Standard Classification
BAP.REQ.001 : To be provided by bidder Mandatory
BAP.REQ.002 : To be provided by bidder Mandatory
BAP.REQ.003 : USB Mandatory
BAP.REQ.004 : Minimum 200 per second Mandatory
BAP.REQ.005 : Imager Mandatory
BAP.REQ.006 : 35% Mandatory
BAP.REQ.007 : 5 mil Mandatory
BAP.REQ.008 : 5 mil/ 9 cm and 13 mil/ 20 cm Mandatory
BAP.REQ.009 : UPC-A/ UPC-E, EAN 13, JAN 13, CODABAR, ADD-ON-2, ADD-ON-5, CODE-93 and industrial codes, interleaved 2 of 5, EAN 128 Mandatory
BAP.REQ.010 : The system should be under warranty for minimum 3 years along with support service. Mandatory
BAP.REQ.011 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory

Web camera

Standard id Standard Classification
CAM.REQ.001 : To be provided by bidder Mandatory
CAM.REQ.002 : To be provided by bidder Mandatory
CAM.REQ.003 : 3 mega pixel Mandatory
CAM.REQ.004 : CMOS Mandatory
CAM.REQ.005 : 2X (Minimum) Mandatory
CAM.REQ.006 : high speed, low light auto focus Mandatory
CAM.REQ.007 : USB/Wireless Mandatory
CAM.REQ.008 : through USB Mandatory
CAM.REQ.009 : All leading Operating Systems such as Windows, Linux, Unix etc Mandatory
CAM.REQ.010 : The system should be under warranty for minimum 3 years along with support service. Mandatory
CAM.REQ.011 : The system should not reach end of life and end of service within 5 years from the date of purchase. Mandatory