Title
a) Approve and authorize the Director of the Information Technology Department to execute a Non-Disclosure Agreement, and non-standard Agreement with Trimarc Security LLC for consulting services to conduct Active Directory Security Assessment of the production Active Directory environment for the term of April 1, 2021 to June 30, 2021 in the amount not to exceed $42,250; and
b) Authorize the Director of the Information Technology Department to execute documents and a Non-Disclosure Agreement as are necessary to implement the agreement with Trimarc Security LLC; and
c) Accept non-standard contract provisions as recommended by the Director of Information Technology; and
d) Authorize the Director of Information Technology to sign up to two (2)
amendments to this Agreement, extending the term if needed, subject to County Counsel review, and provided that the terms and conditions of the agreement remain substantially the same.
Report
RECOMMENDATION:
It is recommended that the Board of Supervisors:
a) Approve and authorize the Director of the Information Technology Department to execute a Non-Disclosure Agreement, and non-standard Agreement with Trimarc Security LLC for consulting services to conduct Active Directory Security Assessment of the production Active Directory environment for the term of April 1, 2021 to June 30, 2021 in the amount not to exceed $42,250; and
b) Authorize the Director of the Information Technology Department to execute documents and a Non-Disclosure Agreement as are necessary to implement the agreement with Trimarc Security LLC; and
c) Accept non-standard contract provisions as recommended by the Director of Information Technology; and
d) Authorize the Director of Information Technology to sign up to two (2)
amendments to this Agreement, extending the term if needed, subject to County Counsel review, and provided that the terms and conditions of the agreement remain substantially the same.
SUMMARY:
Trimarc Security LLC is a leading organization in cyber security, specifically the Windows platform providing security recommendations and solutions for government, educational institutions as well as private companies.
The proposed agreement will provide the County an Active Directory Security Assessment (ADSA) and provide the County with a report highlighting any security issues along with mitigation/resolution recommendations.
DISCUSSION:
The County’s IT Department is embarking on reviewing and improving the security of our Active Directory and Azure Active Directory (Office 365) environments. The first portion of this involves an assessment of the security of our IT Active Directory Service (AD). AD houses all the user and computer accounts and permissions in the county and provides single sign-on authentication to local and cloud-based services used by the county. This assessment scans the AD environment, shining a light on any dark, forgotten corners and unravels the spider-web of permissions collected over many years. It identifies multiple potential AD attack escalation paths and provides written recommendations that are actionable, prioritized, and customized to our environment so they can be implemented more quickly (and phased in over time) to effectively mitigate them.
OTHER AGENCY INVOLVEMENT:
County Counsel does not approve non-standard agreement provisions.
FINANCING:
The funds for payment of the costs of this Agreement have been included in the FY 20-21 Approved Budget for the Information Technology, ITD 1930, Unit s/b 8434 Appropriations Unit INF002.
BOARD OF SUPERVISORS STRATEGIC INITIATIVES:
The services provided pursuant to this agreement will continue to support county-wide network system.
__Economic Development
X Administration
__Health & Human Services
X Infrastructure
__Public Safety
Prepared by: Sandra Shaffer, Management Analyst III, 759-6957
Approved by:
______________________________________ Date: _________
Eric A. Chatham, Director of Information Technology, 759-6920
Attachments:
Trimarc Security LLC Agreement
Trimarc Security LLC Scope of Work
Non-Disclosure Agreement
Attachments on file with the Clerk of the Board