Description
The Managed Firewall service establishes the customer’s perimeter access behind a professionally managed firewall. Customer rulesets, operations and traffic are segregated using the hardware platform's virtual system functionality. Service availability, including triage and investigation of security issues, is monitored in the state’s Security Operations Center (SOC), where 24x7x365 monitoring and staffing ensure the highest level of network protection.
- Key Features and Benefits
- All services are delivered in compliance with the State of South Carolina's information security policies, as presented in SCDIS-200.
- Services are provided on highly available, redundant next-generation firewall clusters.
- Support for point-to-point VPN tunnel to other organizations.
- Granular application (layer 7) based filtering.
- Flexible user-based permission or restrictions.
- Centralized management of security rules.
- Consistent security posture.
- A comprehensive view of perimeter security events.
- Timely protection from advanced threats.
- 24x7x365 monitoring and management.
- Centralized management of hardware and software licensing.
- Protects web applications from malicious requests and traffic.
- Create custom rules and policies to tailor protections to your specific needs.
- Generate comprehensive reports on attacks or legitimate traffic.
- OTIS manages traffic and maintains security to protect the state and our customers.
Service Scope
- Physical Security & Facilities
- Host all managed firewall technologies in the State Data Center, which has appropriate physical and environmental security controls such as biometric access control, internal and external security camera coverage, 24x7x365 armed uniformed officer, conditioned UPS power, emergency power, fire detection and suppression and temperature control.
- Management and monitoring of physical security to the data center.
- Management and monitoring of the data center environment (e.g., racks, power and cooling).
- Management of emergency response for man-made and natural disasters.
- Redundant electrical power and cooling infrastructure is provided.
- Hardware
- Installation and configuration of OTIS-owned firewalls.
- Provision, host, maintain and refresh all virtual firewall infrastructure in the State Data Center.
- Virtual firewalls are designated as:
- Virtual Firewall System – Small – contains up to 50 rules.
- Virtual Firewall System – Mid-Small – contains between 51 and 100 rules.
- Virtual Firewall System – Medium – contains between 101 and 200 rules.
- Virtual Firewall System – Mid-Large – contains between 201 and 350 rules.
- Virtual Firewall System – Large – contains more than 350 rules.
- Software
- Management and monitoring software tools and technologies associated with firewall management, including:
- usage reporting,
- monitoring,
- performance analysis and reporting,
- alert and event management, and
- incident management.
- Management and monitoring software tools and technologies associated with firewall management, including:
- Support & Administration
- Monitoring, alerting and providing incident resolution through the Division of Technology Operations (DTO) Service Desk and OTIS technical support staff.
- OTIS provides support 24x7x365 (24 hours a day, seven days a week, 365 days a year).
- Planned maintenance is performed Sunday between 6:00 a.m.–10:00 a.m. Customer will have a dedicated resource to coordinate restoration of service after maintenance unless otherwise notified.
- Exclusions
- Customer-owned equipment or firewalls that are not part of the shared services infrastructure are not eligible for OTIS support.
- Prerequisites
- Required service(s) for eligible customers:
- Managed Router
- Customers must submit service requests to OTIS in advance, as described below:
- Contact OTIS at least 30 days before new service installations or office moves when existing network infrastructure exists.
- Contact OTIS at least 60 days before new service installations or office moves when no existing network infrastructure exists. Depending on customer requirements, location and need for vendor support, more advanced notice may be needed.
- OTIS may need approval from the customer agency director and Admin chief information officer (CIO) to support requests submitted outside the advance notice requirements, and additional funding may be required to cover overtime, vendor fees and other costs.
- Required service(s) for eligible customers:
Responsibilities
OTIS and Customer Responsibilities
| Responsibilities | OTIS | Customer |
|---|---|---|
| Data Center Facilities | ||
| Data center power, cooling and related support infrastructure. | Image
| |
| Data center network infrastructure. | Image
| |
| Data center facilities physical security. | Image
| |
| Data center facilities structure maintenance and enhancements. | Image
| |
| Managed Firewall Service | ||
| Plan, provision and maintain the shared firewall infrastructure (hardware and software). | Image
| |
| Defining requirements for creating customer firewall rules. | Image
| |
| Configuring and maintaining firewall rules. | Image
| |
| Provide approval to OTIS to make firewall rule changes. | Image
| |
| Contact the DTO Service Desk to report an incident. | Image
| |
| Troubleshoot, and resolve the shared firewall infrastructure (hardware and software) issues. | Image
| |
Service Level Objectives
| Service Level Name | Description | Target Service Level |
|---|---|---|
| Incident Response – Severity 1 and 2 | Means the percentage of time it took for a Severity Level 1 and Level 2 Incidents to be acknowledged and worked by OTIS within the applicable timeframes in the Service Level Definition. | 99.00% |
| Incident Response – Severity 3 and 4 | Means the percentage of time it took for a Severity Level 3 and Level 4 Incidents to be acknowledged and worked by OTIS within the applicable timeframes in the Service Level Definition. | 95.00% |
| Service Request Fulfillment Timeliness | Means the percentage of time OTIS successfully completes “Service Requests” (defined as requests that are not automated self-provisioned or that do not require solution proposal development; examples of such requests include provisioning ID access, password resets, Service Catalog requests, IMACDs) within the applicable timeframes. | 96.00% |
Service Rates
Call for pricing.
Service Contacts
To report issues related to this service, customers should contact the Division of Technology Operations (DTO) Service Desk (servicedesk@admin.sc.gov).
For additional information on this service customers should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov).
Estimate Initial Service Delivery Time
The initial service delivery time will vary based on the project scope. Customers should contact their Agency Relationship Management (ARM) representative to initiate the Request for Solution (RFS) process to request a solution and target delivery time.
Eligible Customers
| Customer Entity Type | Eligible |
|---|---|
| State Agencies | Yes |
| Local Government Entity including Municipality and County | No |
| Higher Education | No |
How To Order
Customers should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov) to acquire these services.
