File #: A 21-098    Name: Trimarc Security LLC
Type: BoS Agreement Status: Passed - Information Technology Department
File created: 3/18/2021 In control: Board of Supervisors
On agenda: 4/6/2021 Final action: 4/6/2021
Title: a) Approve and authorize the Director of the Information Technology Department to execute a Non-Disclosure Agreement, and non-standard Agreement with Trimarc Security LLC for consulting services to conduct Active Directory Security Assessment of the production Active Directory environment for the term of April 1, 2021 to June 30, 2021 in the amount not to exceed $42,250; and b) Authorize the Director of the Information Technology Department to execute documents and a Non-Disclosure Agreement as are necessary to implement the agreement with Trimarc Security LLC; and c) Accept non-standard contract provisions as recommended by the Director of Information Technology; and d) Authorize the Director of Information Technology to sign up to two (2) amendments to this Agreement, extending the term if needed, subject to County Counsel review, and provided that the terms and conditions of the agreement remain substantially the same.
Attachments: 1. Board Report, 2. Trimarc Security LLC Agreement, 3. Trimarc Security LLC Scope of Work, 4. Non-Disclosure Agreement, 5. Completed Board Order Item No. 14

Title

a) Approve and authorize the Director of the Information Technology Department to execute a Non-Disclosure Agreement, and non-standard Agreement with Trimarc Security LLC for consulting services to conduct Active Directory Security Assessment of the production Active Directory environment for the term of April 1, 2021 to June 30, 2021 in the amount not to exceed $42,250; and

b) Authorize the Director of the Information Technology Department to execute documents and a Non-Disclosure Agreement as are necessary to implement the agreement with Trimarc Security LLC; and

c) Accept non-standard contract provisions as recommended by the Director of Information Technology; and

d) Authorize the Director of Information Technology to sign up to two (2)

amendments to this Agreement, extending the term if needed, subject to County Counsel review, and provided that the terms and conditions of the agreement remain substantially the same.  

Report

RECOMMENDATION:

It is recommended that the Board of Supervisors:

a) Approve and authorize the Director of the Information Technology Department to execute a Non-Disclosure Agreement, and non-standard Agreement with Trimarc Security LLC for consulting services to conduct Active Directory Security Assessment of the production Active Directory environment for the term of April 1, 2021 to June 30, 2021 in the amount not to exceed $42,250; and

b) Authorize the Director of the Information Technology Department to execute documents and a Non-Disclosure Agreement as are necessary to implement the agreement with Trimarc Security LLC; and

c) Accept non-standard contract provisions as recommended by the Director of Information Technology; and

d) Authorize the Director of Information Technology to sign up to two (2)

amendments to this Agreement, extending the term if needed, subject to County Counsel review, and provided that the terms and conditions of the agreement remain substantially the same.  

 

SUMMARY:

Trimarc Security LLC  is a leading organization in cyber security, specifically the Windows platform providing security recommendations and solutions for government, educational institutions as well as private companies.

 

The proposed agreement will provide the County an Active Directory Security Assessment (ADSA) and provide the County with a report highlighting any security issues along with mitigation/resolution recommendations.

 

DISCUSSION:

The County’s IT Department is embarking on reviewing and improving the security of our Active Directory and Azure Active Directory (Office 365) environments. The first portion of this involves an assessment of the security of our IT Active Directory Service (AD).  AD houses all the user and computer accounts and permissions in the county and provides single sign-on authentication to local and cloud-based services used by the county.  This assessment scans the AD environment, shining a light on any dark, forgotten corners and unravels the spider-web of permissions collected over many years. It identifies multiple potential AD attack escalation paths and provides written recommendations that are actionable, prioritized, and customized to our environment so they can be implemented more quickly (and phased in over time) to effectively mitigate them.  

 

OTHER AGENCY INVOLVEMENT:

County Counsel does not approve non-standard agreement provisions.

 

FINANCING:

The funds for payment of the costs of this Agreement have been included in the FY 20-21 Approved Budget for the Information Technology, ITD 1930, Unit s/b 8434 Appropriations Unit INF002.

 

BOARD OF SUPERVISORS STRATEGIC INITIATIVES:

The services provided pursuant to this agreement will continue to support county-wide network system.

__Economic Development

X Administration

__Health & Human Services

X Infrastructure

__Public Safety

 

Prepared by: Sandra Shaffer, Management Analyst III, 759-6957

 

Approved by:

 

 

 

______________________________________ Date: _________

Eric A. Chatham, Director of Information Technology, 759-6920

 

Attachments:

Trimarc Security LLC Agreement

Trimarc Security LLC Scope of Work

Non-Disclosure Agreement

 

Attachments on file with the Clerk of the Board