The Vendor is required to provide an internet of things (IoT) and operational technology (OT) visibility, management and security solution.
- Solution is expected to integrate with college existing IT and security ecosystem, scale to institutional needs, and support long-term operational and security objectives.
- Technical Requirements
• The solution must be purpose-built for IoT, IoMT, and OT visibility and security and not a general-purpose IT asset management or endpoint security platform.
• The solution must automatically discover IoT, IoMT, and OT devices across campus networks without active scanning or agents.
• The solution must accurately identify and classify the non-traditional devices beyond IP/MAC-based methods.
• The solution must natively support industrial, building automation, medical, and proprietary protocols commonly used in higher education environments.
• The solution must provide centralized visibility across multiple campuses data centers, and cloud-connected networks.
• The solution must assess device risk and exposure without requiring direct access, agents, or credentials on devices.
• The solution must have open APIs and/or native integrations with enterprise security and IT platforms (e.g. SIEM, NAC, firewalls).
• The solution must support single sign-on (SSO) using Microsoft Entra ID.
• The solution must support a granular role-based access control (RBAC) model that allows more than just basic unprivileged and admin roles.
• The solution must scale to support tens of thousands of devices.
• The solution must integrate with, and not require replacement of, existing core IT and security infrastructure.
- The solution is expected to provide detailed and high-fidelity identification of devices, including manufacturer, model, firmware version, function, and operational role. It should distinguish between IT, IoT, OT, and specialized academic or medical devices, and support operational decisions such as maintenance planning, security response, and lifecycle management.
- The solution should analyze device behavior and network activity to provide context-aware insights. It should distinguish normal operational behavior from anomalous or potentially risky activity, supporting both security monitoring and operational continuity without generating excessive false alerts.
- The solution should provide a unified view of devices, communications, and dependencies across campuses, facilities, and cloud environments. It should visualize device relationships, network topology, and operational status, supporting operational teams, IT staff, and security personnel in day-to-day decision-making.
- The solution is expected to provide continuous evaluation of device risk, considering behavioral anomalies, vulnerabilities, configuration weaknesses, and lifecycle status. Risk information should be contextualized to institutional impact and support prioritization of operational or security actions.
- The solution should monitor device availability, communications, and dependencies, providing operational insights relevant to facilities, research, medical, and academic environments. Reports and dashboards should clearly differentiate between operational anomalies and security incidents.
- The solution should be able to integrate with existing IT and security infrastructure, including SIEM, NAC, firewalls, and asset management systems, to enrich workflows and provide IoT/OT-specific context without replacing existing core systems.
- The solution should provide a modern, web-based interface with role-based views for different teams. Visualizations should clearly show device relationships, network structure, and operational status, enabling efficient day-to-day monitoring and incident response.
- The solution should be designed to scale across multiple campuses and tens of thousands of devices, support emerging IoT/OT technologies, and align with evolving security and operational requirements to ensure long-term sustainability.
- Contract Period/Term: 3 years
- Questions/Inquires Deadline: February 19, 2026
