My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
01/21/2025 Regular & Special SA
>
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/27/2025 5:03:20 PM
Creation date
1/21/2025 2:16:24 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Information Technology
Item #
26
Date
1/21/2025
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
762
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
SOLICITATION # CH16012 <br />ASM I As a monitoring service, ASM is considered to be SaaS. <br />Virtru <br />The capability provided to the consumer is to use the provider's applications running on a cloud <br />infrastructure2 . The applications are accessible from various client devices through either a thin <br />client interface, such as a web browser (e.g., web -based email), or a program interface. The <br />consumer does not manage or control the underlying cloud infrastructure including network, <br />servers, operating systems, storage, or even individual application capabilities, with the possible <br />exception of limited userspecific application configuration settings. <br />Salesforce <br />Salesforce's deployment model is a "public" cloud infrastructure, as defined by NIST 800-145. In <br />the Salesforce Government Cloud, an agency dynamically provisions computing resources over <br />the Internet on our multi -tenant infrastructure. This is a cost effective deployment model for <br />agencies as it gives them the flexibility to procure only the computing resources they need and <br />delivers all services with consistent availability, resiliency, security, and manageability. <br />Salesforce was the first Cloud Service Provider to attain FedRAMP Authority to Operate for both <br />Software as a Service (SaaS) and Platform as a Service (PaaS), consistent with the FedRAMP <br />moderate baseline controls. Salesforce does not provide IaaS as a direct service offering to our <br />customers, it is an underlying part of our PaaS and SaaS offerings. <br />Salesforce Government Cloud <br />In May 23, 2014 Salesforce achieved a FedRAMP Agency Authority to Operate at the moderate <br />impact level (as described in FIPS 199 and 200) issued by Health and Human Services (HHS) for <br />the Salesforce Government Cloud. Additionally, on May 15, 2015, HHS, as the FedRAMP <br />authorizing agency, approved the Salesforce Government Cloud authorization package that was <br />updated based on annual attestation requirements and updates to the FedRAMP baseline which is <br />FISMA compliant and based on the current release of NIST SP 800-53 Rev. 4. <br />Testing for the ATO was performed by a third party assessment organization (3PAO). The <br />Salesforce Government Cloud information system and authorization boundary, is comprised of the <br />Force.com Platform, Salesforce Services (Sales Cloud, Service Cloud, Chatter), and the backend <br />infrastructure (servers, network devices, databases, storage arrays) that support the operations of <br />these products, referred to as the General Support System (GSS). <br />To obtain compliance with FedRAMP, Salesforce conducted security assessment and <br />authorization activities in accordance with FedRAMP guidance, NIST SP 800-37, and HHS <br />guidance. As part of this process Salesforce documented a System Security Plan (SSP) for the <br />Salesforce Government Cloud service offering. The SSP is developed in accordance with NIST <br />SP 800-18, Guide for Developing Federal Information System Security Plans. The SSP identifies <br />control implementations for the GSS and in -scope customer facing products (Force.com Platform, <br />Salesforce Services) according to the FedRAMP moderate baseline and HHS security control <br />parameters. A security assessment of the information system was conducted by a third party <br />assessment organization (3PAO) in accordance with NIST 800-53A and FedRAMP requirements. <br />The security assessment testing determined the adequacy of the management, operational, and <br />technical security controls used to protect the confidentiality, integrity, and availability of the <br />Salesforce service and the customer data it stores, transmits and processes. <br />To maintain compliance with FedRAMP, Salesforce conducts continuous monitoring. Continuous <br />monitoring includes ongoing technical vulnerability detection and remediation, remediation of open <br />compliance related findings, and at least annual independent assessment of a selection of security <br />controls by 3PAO. As part of our FedRAMP annual assessment, Salesforce is now aligned with <br />NIST SP 800-53, Rev. 4 controls. <br />ServiceNow <br />ServiceNow's architecture aligns with Software as a Service (SaaS). <br />carahsoft 179 carahsoft <br />
The URL can be used to link to this page
Your browser does not support the video tag.