TENDER SCHEDULE

i. ISO27001:2022 Consultancy, Implementation & Certification
ii. Comprehensive Vulnerability Assessment & Penetration Testing
iii. Next Generation Security Information and Event Management (NG-SIEM) for Jamuna Bank PLC.

Tender Reference: JBPLC/ICTD/TENDER/2024/03


Date: 17-11-2024
Schedule Serial No.:

Information & Communication Technology Division


Corporate Head Office
Jamuna Bank Tower (3rd Floor), Plot # 14, Bir Uttam A K Khandaker Road, Block- C
Gulshan-1, Dhaka-1212, Bangladesh
Tel.: 16742 (Ext-5235)
E-mail : procurement@jamunabank.com.bd
web : www.jamunabankbd.com

This document is provided as a Request for Proposal.


This is a confidential document and should not be shared without the written consent from Bank.

Jamuna Bank PLC, ICT Division, Head Office, Dhaka Page 1 of 21


Scope of Bid:
Jamuna Bank PLC of Bangladesh wishes to receive bids from bona fide firms for 1) ISO27001:2022
Consultancy, Implementation and Certification, 2) Vulnerability Assessment & Penetration Testing and 3) Next
Generation Security Information and Event Management (NG-SIEM) for Jamuna Bank PLC.
Bidder’s Eligibility for ISO27001:2022 Certification:
1. Bidder should have at least 05 (Five) years' experience conducting ISO 27001 projects in Bangladeshi
organizations (must submit Work Completion Letter).
2. Bidder should have had a registered office in Bangladesh for at least the last 05 (Five) years.
3. Lead Consultant with a minimum of 05 (Five) years' hands-on experience in Information Security and IS
Audit.
4. Bidder should be able to show/provide proof of a minimum of 03 (three) completed live sites locally.
5. Bidder must be ISO 27001 certified.
6. Bidder must be a direct part of a well-reputed international ISO Certification Body.
7. Bidder must have valid insurance coverage for the following:
a) Workers' Compensation: Statutory coverage as required by law.
b) Employer's Liability: $1,000,000 minimum coverage.
c) Commercial General Liability: $1,000,000 per occurrence, $2,000,000 annual aggregate.
d) Crime/Fidelity Bond: $1,000,000 minimum per loss and annual aggregate.
e) Technology Errors & Omissions, Cyber-Risk, and Privacy Liability: $2,000,000 per claim and annual
aggregate.
8. Certified Professionals in the team:
a) Minimum 3 ISO 27001 LA certified
b) Minimum 3 ISO 27001 LI certified
c) Minimum 1 CISSP certified
d) Minimum 3 CISA certified
e) Minimum 2 CC certified
9. Bidder will provide "ISO 27001 Lead Auditor" training for 5 personnel and ISO 27001 Lead Implementer
training for 5 personnel.

Bidder’s Eligibility for VAPT:


1. Bidder should have at least 03 (Three) years of experience conducting VA & PT projects in Bangladeshi
organizations.
2. Bidder should have 08 (Eight) VAPT work completions in Bangladesh (must submit work completion
letters).
3. Bidder should be able to show/provide proof of a minimum of 03 (three) completed live sites locally.
4. Bidder must have valid insurance coverage for the following:
a) Workers' Compensation: Statutory coverage as required by law.
b) Employer's Liability: $1,000,000 minimum coverage.
c) Commercial General Liability: $1,000,000 per occurrence, $2,000,000 annual aggregate.
d) Crime/Fidelity Bond: $1,000,000 minimum per loss and annual aggregate.
e) Technology Errors & Omissions, Cyber-Risk, and Privacy Liability: $2,000,000 per claim and
annual aggregate.
5. The bidder should be a company registered and working in Bangladesh.
6. Bidder resources must have experience in Web Application Security Testing, Mobile Application Security
Testing, Network, Firewall, and Systems or Infrastructure Security Testing.
7. Bidders are required to demonstrate a consistent physical presence in end-to-end projects annually,
encompassing activities such as conducting Vulnerability Assessment and Penetration Testing.



8. The bidder must provide a dedicated scanner specifically allocated to Jamuna Bank premises to conduct
Vulnerability Assessments across the entirety of its 4300 IP addresses.
9. VAPT tools must be authentic, renowned and licensed.
10. Certified Professionals in the team:
a) Minimum 3 resources CEH certified
b) Minimum 2 resources CEH Practical certified
c) Minimum 1 resource OSCP/LPT certified
d) Minimum 1 resource CISSP certified

Bidder’s Eligibility for NG-SIEM:


1. The bidder should be renowned in cyber security solutions and have related expertise with a minimum of 05
(Five) years' experience.
2. Bidder should have at least 01 (one) SIEM implementation experience in Bangladesh (must submit work
completion letter).
3. Bidder should have had a registered office in Bangladesh for at least the last 05 (Five) years.
4. The offered SIEM solution must be internationally reputed and reliable (having a report position in Gartner).
5. The vendor must provide 24/7 support pursuant to Service Level Agreements (SLAs) outlining response
and resolution times for critical incidents.
6. The bidder will provide OEM training for 04 (Four) persons at JBPLC premises and OEM training for 03
(Three) persons at OEM premises.

General Terms & Conditions:


1. Bidder should have had a registered office in Bangladesh for at least the last 05 (Five) years.
2. The bidder should be a legal entity and a registered company that has not been prohibited by Bangladeshi
court(s) from entering into contracts.
3. The Bidder must submit the offer in an envelope which will bear the full name and address of the participating
company. The name, address and telephone number of the contact person should be mentioned in the
forwarding letter submitted with the offer.
4. Your offered prices should be valid for the next 05 (Five) months from the date of your final offer.
5. All the pages of the tender schedule as well as all the offered documents should be duly signed by the authority
of the bidder.
6. The successful bidder/vendor shall have to start the work within 10 (Ten) days from the date of issuance of the
work order. An NDA should also be executed with the Bank.
7. OEM technical documents or data sheets have to be provided for NG-SIEM.
8. A photocopy of all the relevant documents should be submitted with the offer including:
i. Valid Trade License
ii. VAT and TIN certificate
iii. List of Corporate Clients
9. Warranty of NG-SIEM should be 3-5 years. Bidder will submit an offer for the AMC price for SIEM applicable after
expiry of warranty.

10. Distribution of tender Schedule: Tender Schedule will be available from 17-11-2024 to 27-11-2024 (10.30
am- 4.00 pm) from ICT Division.

11. Submission of Tender:


a) Sealed tenders must be dropped in the tender box kept in ICT Division on 28-11-2024 (from 10:30 AM to
3:00 PM). No late submission shall be received by the Bank after opening of the Tender Box.

b) The bidders are advised to submit their tender with the "Technical Offer" and "Financial Offer" in 02 (two)
separate envelopes, both of which should be placed in a single larger envelope and dropped in the Tender Box.
A soft copy of the bid must also be submitted on a pen drive for the use of the Bank.



c) Bidders/Vendors may submit offers for any single or all products. They may bid for single/multiple Lots
as well.

12. Opening of Tender: Tender Box will be opened on 28-11-2024 at 3:30 PM in presence of the bidders (if any).
13. Submission of Papers: Any quotation found using the name of a company of which the Bidders/Vendors are
not the owners, will not be accepted. The following documents are to be submitted:-
a) Work completion certificate
b) Local office address, contact number and profiles of technical personnel, who will provide instant local
support and Services
c) Valid Trade License, TIN & VAT Certificate
d) Valid certificate of Reseller/Authorized Dealer/ Supplier from the manufacturer (OEM)

14. The Bank reserves the right not to accept the lowest bidder and to reject any Tender or part thereof or whole
tender without assigning any reason whatsoever. Any decision of the Bank in this regard shall be final, and
binding on the bidders.

15. The Bank reserves the right to relax, change or drop any of the terms and conditions of this tender schedule
without any further notice.

16. After receiving the work order, vendors cannot refuse to supply the ordered products. Such refusal will be
considered an unprofessional business attitude and the Bank may blacklist such participants.

Payment terms & conditions:


For ISO27001 certification:
i. All the prices should be mentioned in Bangladesh Taka (BDT). The payment will also be made in BDT.
iii. 40% payment will be made after submission of the Gap analysis report (1st Year).
iv. 30% payment will be made after the submission of prepared documents, remediation consultancy,
awareness & Implementation (1st Year).
v. 30% payment will be made after submission of the final report (1st Year) and training completion.
vi. For the 2nd Year and 3rd Year, 100% payment after submission of the surveillance Audit Report.

For VAPT:

90% payment will be made after the submission of the primary validation report.
10% payment will be made after the submission of the revalidation report.

For NG-SIEM:
Payment will be made by Jamuna Bank PLC after successful installation, online operation and submission of bill.



Technical Specifications

LOT - A

ISO27001:2022 CONSULTANCY, IMPLEMENTATION AND CERTIFICATION

Scope & Documentation

Scoping Information for Bidders:

a) Number of Locations: 02 (Two)
b) In Scope Divisions/Activities/Business functions: ICT Division, Card Division, ADC Division, Data Center,
NDC
c) Support functions: HR, IT, Risk Management and Internal Audit
d) Number of personnel in company: 3500
e) Number of personnel to be covered by the assessment: 60
f) Number of personnel involved directly in ensuring security of information: 4

Scope of the project:

The whole project is under a single package. Detailed scopes are as follows:

- Conduct ISO27001 gap analysis based on the ISO 27001:2022 requirements (to be conducted by the
proposed Certification body)
- Develop policies, procedures, standards & other documents required for the ISMS
- Preparation of Statement of Applicability
- Remediation support to implement controls by a proven consultant
- Conduct risk assessment
- Support internal audit
- Certification audit by Certification body
- Perform surveillance audit

Required Activities:
- Identifying and documenting the scope of ISO 27001 certification.
- The Service Provider needs to identify functional areas and processes to be covered in the scope and
document the scope as per ISO 27001 certification requirements.
- Reviewing the ISMS policy, processes, systems and procedures relevant to managing risk and improving
information security to deliver results in accordance with the organization's overall policies and objectives.
- Conducting the ISO 27001 Gap assessment. The Service Provider shall conduct a gap assessment against the
ISO 27001 standard and provide the current status of the ISMS to Jamuna Bank management. The identified
service provider (local company) is required to provide assistance to the Jamuna Bank internal team for
closure of audit findings.
- Preparation of guidelines, procedures and other subordinate documents. The Selected Bidder would have
to revise or formulate new required documentation such as IT Security policy, Standards & guidelines,
Procedures, subordinate documents, Baseline security etc. The required documentation should also include
the steps to be performed for ongoing ISO27001 compliance.



- The agreement with the bidder will be applicable for a period of 3 years, which includes the first ISO27001
certification process and subsequent surveillance audits.
- Deliverables for Certification:
  - Pre-certification Gap assessment followed by Audit report (to be conducted by Certification Body)
  - All documentation required for ISO27001 certification and closure of audit findings
  - ISO 27001 Certification audit by the approved certification agency. The bidder has to mention the
    certification Body along with an Authorization letter from the certification Body in the technical bid.

Documentation:
The successful bidder must review and update existing documents (where available) as needed, or formulate and
deliver the following mandatory documents:

1. Scope of the ISMS


2. Information security policy and objectives
3. Risk assessment and risk treatment methodology
4. Statement of Applicability
5. Risk treatment plan
6. Risk assessment and risk treatment report
7. Definition of security roles and responsibilities
8. Inventory of assets
9. Acceptable use of assets
10. Access control policy
11. Operating procedures for IT management
12. Supplier security policy
13. Incident management procedure
14. Business continuity Management procedures
15. Legal, regulatory, and contractual requirements
16. Records of training, skills, experience and qualifications
17. Monitoring and measurement results
18. Internal audit program
19. Results of internal audits
20. Results of the management review
21. Results of corrective actions

Bidder should also review (where existing documents are available) or formulate the following documents:

- Business continuity plan
- Disaster Recovery Plan
- Patch management policy
- Data retention & archival policy
- Risk Management framework
- Email policy
- Network policy
- Incident Management Policy & Procedure
- Internet Access Management procedure
- Cryptographic key management procedure
- Baseline Standard Policy for all Equipment
- Cyber Security policy
- Domain control policy
- User Access management policy
- Change management policy
- Information classification policy
- Password policy
- Backup, restore and Information transfer policy
- Bring your own device (BYOD) policy
- Bank owned device policy
- Disposal and destruction policy



- Procedure for document control
- Controls for managing records
- Procedure for internal audit
- Procedure for corrective action
- Mobile device and teleworking policy
- Procedures for working in secure areas
- Clear desk and clear screen policy
- Other policies recommended by Bangladesh Bank during the certification period.

Bidder should also formulate any other policy and procedure which is required to ensure compliance with ISO
27001.
The Information security Policy should be aligned with ISO 27001, PCI DSS, SWIFT CSP and Bangladesh Bank's ICT
Security guideline. Bidder should provide a detailed and specific compliance mapping showing which section covers the
relevant section of ISO 27001, PCI DSS, SWIFT CSP and Bangladesh Bank's ICT Security guideline.

Tender Evaluation

The method of evaluation of Tenders shall follow the 'Quality and Cost Based System' (QCBS). Evaluation will be
done as per the prescribed marking format mentioned in the tender document.

The weightage of evaluations of Technical and financial offers shall be 80% and 20%, respectively. The technically
responsive & financially lowest bidder shall get the total marks in the financial offer among the responsive bidders,
and the others shall be evaluated on relative grading. Finally, to obtain the Ranking of the Bidders, both the
Technical and Financial grades shall be summed up. To be noted, the lowest bidder will not necessarily be awarded
preferential consideration.

The technical evaluation matrix:

SL No. | Technical Evaluation | Actionable | Marks
1 | Completed 05 (Five) ISO 27001 Engagements in Bank/NBFI in Bangladesh | Document | 16
2 | Bidder Cyber security Insurance Coverage in Bangladesh | Document | 15
5 | Bidder must have at least 1 consultant with 08 (Eight) years work experience in Bank/NBFI/MFS/Telco/MNC Organization's Information Security or IT Audit function. | Document | 10
6 | Bidder must be ISO 27001 certified | | 10
7 | I. Minimum 3 resources with ISO 27001 LA certified | Document | 6
  | I. Minimum 3 resources with ISO 27001 LI certified | Document | 6
  | II. Minimum 1 resource with CISSP certified | | 7
  | III. Minimum 3 resources with CISA certified | | 6
  | IV. Minimum 2 resources with CC certified | | 4
Total | | | 80



Quoting Prices:
Description Price (BDT)
Gap assessment
Implementation of ISMS including documents preparation, remediation
consultancy, awareness & Implementation
Year 1 Certification Audit & Certification
Surveillance audit (2nd and 3rd Year)
ISO 27001 Lead Auditor Training for 5 Personnel
ISO 27001 Lead Implementer Training for 5 Personnel
TAX & VAT
Total



LOT – B
Vulnerability Assessment & Penetration Testing
1. Scope:
Asset type Number of nodes for VA Number of nodes for PT
Applications 20 10
API 150 20
Public IPs 10 10
Server 320 2x5
Network devices 495 24
Workstations 3,500 15
Mobile App 1 1

2. Deliverables for VAPT:

The selected vendor shall provide the following comprehensive deliverables:

- Detailed Vulnerability Assessment Reports for each asset type, comprising:
  - A thorough inventory of identified vulnerabilities, categorized by severity levels (e.g., critical,
    high, medium, low).
  - Detailed descriptions of each vulnerability, including affected systems, potential impact, and
    recommended remediation actions.
  - Prioritized remediation roadmap outlining actionable steps to address identified vulnerabilities,
    considering risk severity and potential business impact.
- Comprehensive Penetration Testing Reports, including:
  - Detailed documentation of successful exploitation attempts, with evidence of compromised
    systems or data.
  - Analysis of penetration testing methodologies employed, including reconnaissance,
    enumeration, exploitation, and post-exploitation phases.
  - Recommendations for mitigating identified vulnerabilities and strengthening defensive
    measures to prevent future exploitation.
- Executive Summary Report summarizing key findings and actionable insights, featuring:
  - High-level overview of vulnerabilities discovered, highlighting critical issues and potential
    security risks.
  - Recommendations for improving overall cyber security posture, prioritized based on severity
    and potential business impact.
  - Executive-level insights and recommendations for key stakeholders to facilitate informed
    decision-making and resource allocation.
- Post-testing Consultation Session, including:
  - Interactive session with Jamuna Bank's IT and security teams to review assessment findings
    and discuss recommended remediation strategies.
  - Opportunity for Q&A sessions to address any questions or concerns regarding the assessment
    results or proposed remediation actions.
  - Provision of expert guidance and best practices for implementing recommended remediation
    measures and strengthening cybersecurity defenses.
- Final Documentation Package, comprising:
  - Consolidated reports and documentation from all assessment activities, organized in a
    structured and easily accessible format.
  - Supplementary materials, including tools, scripts, and technical documentation used during the
    assessment process.
  - Comprehensive documentation of all findings, recommendations, and remediation actions,
    serving as a valuable reference for future security initiatives and audits.

3. Tender Evaluation
The method of evaluation of Tenders shall follow the 'Quality and Cost Based System' (QCBS). Evaluation will be
done as per the prescribed marking format mentioned in the tender document.

The weightage of evaluations of Technical and financial offers shall be 80% and 20%, respectively. The technically
responsive & financially lowest bidder shall get the total marks in the financial offer among the responsive bidders,
and the others shall be evaluated on relative grading. Finally, to obtain the Ranking of the Bidders, both the
Technical and Financial grades shall be summed up. To be noted, the lowest bidder will not necessarily be awarded
preferential consideration.

The technical evaluation matrix is given below:

SL No. | Technical Evaluation | Actionable | Marks
1 | Bidder should preferably have 08 (eight) VA & PT Engagements to get full marks | Document | 24
2 | Bidder Cyber security Insurance Coverage in Bangladesh | | 15
3 | Bidder should have 01 (one) Consultant preferably with 8 years of experience in Bank/NBFI/MFS/Telco/MNC Organization's Information Security or IT Audit to get full marks | Document | 16
4 | Minimum 3 (Three) nos. of resources with CEH Certified | Document | 6
  | Minimum 2 (Two) nos. of resources with CEH Practical Certified | | 6
  | Minimum 1 resource with OSCP/LPT Certified | | 10
  | Minimum 1 resource with CISSP Certified | | 3
Total | | | 80

4. Financial Offer

Bidder should furnish the financial offer in the following format:

Scope | Quantity | Unit Cost | 1st Year Price | 2nd Year Price | 3rd Year Price
Vulnerability Assessment | 4300 (Dedicated scanner specifically allocated for Jamuna Bank premises) | | | |
Web Application Penetration Testing | 10 | | | |
Public IP Penetration Testing | 10 | | | |
Workstations Penetration Testing | 15 | | | |
Network Penetration Testing | 24 | | | |
API Penetration Testing | 8 | | | |
Server Application Pen Testing | 10 | | | |
Total Cost | | | | |

Note: Rescan and revalidation will have to be performed within 15 days after the findings have been fixed
by the Bank.



LOT – C
Next Generation Security Information and Event Management
(NG-SIEM)
Ref. Requirement Vendor Response
a Brand: To be mentioned by bidder
b Model: To be mentioned by bidder
c Country of Origin: To be mentioned by bidder
Supported Operating system
1 i) Red Hat Enterprise Linux 7.5 and above
ii) Windows Server 2016 and above
iii) SUSE 12 and above
iv) CentOS 7.5 and above
2 Virtualization platform:
- VMware ESXi 6.0
Supported Database
in-memory Database and unstructured Database) shall run on at least ONE (1) of the
following databases:
3 SQL database
a. PostgreSQL version 9.2 or above.
b. MariaDB version 10.2 or above.
c. Microsoft SQL version 2014 or above.
4 NoSQL database
a. MongoDB version 3.6 and above
b. Neo4j version 3.4 and above
c. Elastic Search version 6.1 and above
General Function
5 Log management
6 Incident investigations and workflow
7 Incident Response
8 Forensics
9 Security and compliance reporting and visualizations
10 Ability to do cross-data source correlations to detect specific patterns
11 Long-term data retention
12 The System shall be a single integrated product for both logging and SIEM use cases
(no separate logging and SIEM data stores/UIs)
13 Single user interface for all system functionality including searching, reporting, rule
building, and system administration
14 Single, common data store for all ingested data
15 Integration with UBA/UEBA (User and entity behavioral analysis) and SOAR (Security
Orchestration, Automation and response) capabilities.
16 The System shall be a software based System that can be installed in virtual and cloud
environments.
17 Support multi-tenant functionality.



18 In a multi-tenant deployment, the System shall perform machine learning and AI only on
the individual tenant's data.
19 Sandboxing based on full system emulation shall be able to detect multi-stage attacks
where the exploit is split into multiple objects.
20 The System shall be able to identify threats in any file type. The tenderer shall list the
file types supported.
21 The system shall provide advanced correlation capabilities to detect security incidents such
as:
a. DDoS attacks
b. Worm outbreak
c. Port Scan
d. SQL injection
e. Brute Force attack
22 The System shall be a Web Based GUI with HTTPS protocol only
23 The System shall use machine learning based algorithms. The tenderer shall provide some
use cases and evidence that the application is using machine learning based algorithms.
24 The System shall support Inline blocking mode (not TCP Reset)
25 Support integration with Forensic Tools.
26 Able to support minimum of 1000 users.
27 The proposed solution should have ability to acknowledge events as part of a workflow.
28 The proposed solution has a customizable widget on the dashboard.
30 The proposed solution can be configured to deploy on the existing customer's SAN storage
environment.
31 The proposed solution comes with integration with at least five open source threat
intelligence feeds.
32 The proposed solution has a primary management console consisting of indexer and
dashboard.
33 The proposed solution should support High Availability mode and sensor.
34 The proposed solution should support Event notification in XML, JSON or TEXT formats.
35 The proposed solution should be able to categorize Incident Severity attached to Alerts.
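Requirement 21 above asks the SIEM for correlation capabilities that turn individual events into incidents such as port scans and brute-force attacks. The following added example (not part of the tender, and not any vendor's product) shows what such a correlation rule amounts to in practice: a sliding-window count of failed logins per source/destination pair, and of distinct destination ports per source, run over constructed log lines in a made-up key=value format. The thresholds, the 60-second window and the log format are assumptions chosen for illustration; a production rule set would tune them per data source and use a longer suppression interval than the once-per-key rule used here.

```python
"""Sliding-window correlation rules for brute-force logins and port scans.

Added example, not part of the tender or any vendor's product. The key=value
log format, thresholds and window below are assumptions for illustration.
"""
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta, timezone
import re

# Constructed format: "<ISO8601 UTC> src=<ip> dst=<ip> dport=<port> action=<login|connect> result=<ok|fail>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"action=(?P<action>\w+) result=(?P<result>\w+)$"
)
Event = namedtuple("Event", "ts src dst dport action result")
Alert = namedtuple("Alert", "rule severity src dst count first_seen last_seen")


def parse_line(line):
    """Parse one log line; unparsable lines yield None and are skipped rather than aborting the run."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, m["src"], m["dst"], int(m["dport"]), m["action"], m["result"])


class Correlator:
    """Per-(src, dst) sliding windows; each rule fires at most once per key (simple alert suppression)."""

    def __init__(self, window=timedelta(seconds=60), bf_threshold=5, scan_threshold=10):
        self.window, self.bf_threshold, self.scan_threshold = window, bf_threshold, scan_threshold
        self._fails = defaultdict(deque)   # (src, dst) -> timestamps of failed logins in window
        self._ports = defaultdict(deque)   # (src, dst) -> (timestamp, dport) of connects in window
        self._fired = set()                # (rule, src, dst) that already produced an alert
        self.alerts = []

    def _expire(self, dq, now, ts_of=lambda x: x):
        while dq and now - ts_of(dq[0]) > self.window:   # drop entries older than the window
            dq.popleft()

    def _raise(self, rule, severity, ev, count, first_seen):
        key = (rule, ev.src, ev.dst)
        if key not in self._fired:
            self._fired.add(key)
            self.alerts.append(Alert(rule, severity, ev.src, ev.dst, count, first_seen, ev.ts))

    def feed(self, ev):
        key = (ev.src, ev.dst)
        if ev.action == "login" and ev.result == "fail":
            dq = self._fails[key]
            dq.append(ev.ts)
            self._expire(dq, ev.ts)
            if len(dq) >= self.bf_threshold:          # N failures inside the window
                self._raise("brute_force", "high", ev, len(dq), dq[0])
        elif ev.action == "connect":
            dq = self._ports[key]
            dq.append((ev.ts, ev.dport))
            self._expire(dq, ev.ts, ts_of=lambda x: x[0])
            distinct = {p for _, p in dq}
            if len(distinct) >= self.scan_threshold:  # M distinct ports inside the window
                self._raise("port_scan", "medium", ev, len(distinct), dq[0][0])


def run(log_text, **rule_params):
    """Feed every parsable line through a fresh Correlator and return its alerts in firing order."""
    c = Correlator(**rule_params)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            c.feed(ev)
    return c.alerts


def _build_sample_log():
    """Constructed sample data (RFC 5737 addresses), not real traffic."""
    lines = []
    # Six failed logins from one source within 25 seconds: crosses the threshold of 5.
    for i in range(6):
        lines.append(f"2024-11-17T10:00:{i * 5:02d}Z src=203.0.113.5 dst=192.0.2.10 dport=22 action=login result=fail")
    # A single failure from another source: stays below the threshold.
    lines.append("2024-11-17T10:00:40Z src=203.0.113.9 dst=192.0.2.10 dport=22 action=login result=fail")
    # Twelve connects to distinct ports in twelve seconds: a port scan.
    for i, port in enumerate(range(20, 32)):
        lines.append(f"2024-11-17T10:05:{i:02d}Z src=198.51.100.23 dst=192.0.2.20 dport={port} action=connect result=ok")
    # Six failures spread two minutes apart: never five inside one 60-second window.
    for i in range(6):
        lines.append(f"2024-11-17T11:{i * 2:02d}:00Z src=203.0.113.77 dst=192.0.2.10 dport=22 action=login result=fail")
    lines.append("this line is malformed and must be skipped")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()
```

Calling `run(SAMPLE_LOG)` yields two alerts: a `brute_force` alert for 203.0.113.5 after its fifth failure and a `port_scan` alert for 198.51.100.23 after its tenth distinct port; the slow, spread-out failures from 203.0.113.77 never accumulate inside one window, which is the classic blind spot of a fixed-window rule and the reason a real deployment pairs it with longer-horizon statistics.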
Big Data Platform
36 The System architecture shall support horizontal scaling by adding more servers to cater
for growth, and shall be capable of accommodating unlimited storage.
37 The System design and data shall be designed to allow quick access to terabytes of
historical data and shall be able to provide very fast and distributed searching.
38 The System shall be able to ingest any data (structured or unstructured) without defining
schemas ahead of time.
39 The System shall be able to ingest all the original, unmodified data and make it
searchable (no data reduction).
40 The System shall be able to put different data types into different logically separated data
stores for optimal search performance or data segregation/RBAC purposes.
41 The System shall be able to maintain the original timestamps for each event while
handling timestamps from different time zones.
42 The System shall be able to create data stores summarizing raw data, and then run
searches/reports on these summaries for faster performance.
43 The System shall allow automatic compression of the ingested data to reduce storage
requirements.
44 Data retention settings shall be flexible as follows:
- Retain ingested data as long as desired: days, months, or years.
- Granular control on what happens to data as it ages. Aged data can be rolled off to
external/cheaper storage and/or deleted.
45 The System shall support replication to maintain multiple, identical copies of ingested data
for data availability, data fidelity, disaster tolerance, and improved search performance.



46 The System shall support data replication natively without relying on other third party
replication technologies at the operating system or storage level.
47 The System shall be able to provide parsing on demand instead of upfront parsing to
reduce the dependency on supported data sources, allowing custom data sources to be
onboarded easily.
48 The System shall not rely on any form of database for storage of logs. All logs/machine
data shall be stored in a raw format.
Flexible Deployment Architecture
49 Local Database for Users
Describe whether the solution is capable of maintaining a user database locally, and what
capacity (number of users) is supported.
50 Guest Login
The solution must provide access for guests and contractors. Indicate which of the following
mechanisms your solution provides. Describe how each can be delivered through the
solution, if applicable.
51 User Notification
Ways users can be notified about their usernames and passwords for access (e.g.,
email)?
52 Role Definition
Can the solution provide different roles for guests (e.g., contractors, vendors)?
53 Reporting
Are there multiple types of reports supported?
54 Administration
Does the solution have manageability features available to the administrator (for example,
viewing active guest accounts, or suspending guest accounts)?
55 Air Gap
Can the solution deploy on-prem and fully functional without Internet connectivity?
56 The System shall be supported on any hardware or virtual system (or a mix of both)
57 The System shall be able to support both centralized and decentralized models for IT data
management across the organization.
58 The System shall be able to deploy on popular cloud providers such as Azure, AWS, GCP
or OCI.
Pre-Packaged Content and Capabilities for Security/SIEM Use Cases
59 Correlation Rules
60 Existing correlation rules shall be easily modifiable and new correlation searches shall be
easily created.
61 Each correlation rule shall have automatic, configurable assignment of severity, owner,
and status.
62 Flexible searching and alerting options
63 Do correlation rules cover multiple security categories and technologies?
64 The System shall have built-in reports and dashboards.
65 The reports and dashboards shall support drill-down capabilities to get quickly from a
high-level dashboard to the raw events.
66 The reports and dashboards shall contain simple filtering options and form boxes to help
users narrow down data to what is of interest to them.
67 Incident review/workflow framework for reviewing and processing incidents.
Detail on each incident shall at least include:
- Additional context from external asset and identity sources
- The raw event(s) that constitute the incident
- The workflow history of the event
- Ability to manually change incident severity, owner, and status, as well as add notes to an
incident
- Ability to automatically update firewalls, IPS or Endpoint Security rules
68 Ability to leverage external data sources to enrich raw events, add context, and/or create
more specific correlation rules:



a. Employee information (e.g., AD/LDAP extract)
b. Asset information (e.g., CMDB extract)
c. Lists of prohibited services/processes/IPs/ports/protocols
d. Threat intelligence feeds on known bad IPs, domains, and external threats
e. Ability to add new threat intelligence feeds, whether free or commercial/proprietary
Security Content Updates
69 The System shall provide security analysis guides called analytic stories as part of a
content subscription service. The analytic stories shall include content that provides
actionable guidance for detecting, analyzing, investigating and addressing security threats
detected in your environment.
70 a. ATT&CK, an adversary behavior model that describes the actions an adversary
might take.
b. Kill-Chain, a model that identifies the phases an adversary shall complete to
achieve their objective.
c. CIS Critical Security Controls
d. Data Models that are referenced within the searches and that need to be populated.
e. Technologies, example technologies that map to the data models.
f. References, external sources supporting analytic story research.
71 An Analytic Story includes the following queries that fall into one of four categories:
a. Detection searches identify indicators of a potential threat.
b. Context searches advise you on context-specific asset and identity information that
you need to gather for an investigation.
c. Investigative searches advise you on the additional information you need to gather
to investigate a threat and determine its impact within your environment.
d. Supporting searches support the detection searches.
Threat Intelligence Framework
72 The System shall be able to retrieve from any threat feeds without restriction.
73 The System shall be able to retrieve threats in various ASCII/UTF-8 file formats like text,
csv, xml.
74 The System shall be able to automatically parse IOCs from STIX and OpenIOC formats.
75 The System shall be able to support multiple transport mechanisms such as TCP or
Trusted Automated eXchange of Indicator Information (TAXII).
76 The System shall be able to support the following indicators:
Network:
a. HTTP Referrer, User Agent
b. Cookie, Header, Data, URL
c. IP
d. Domain
Endpoint:
a. File Hash, Name, Extension, Path and Size
b. Registry Hive, Path, Key Name, Value Name, Value Type, Value Text, Value Data
c. Process Name, Arguments
d. Handle Name, Handle Type
e. Service Name, Description
Certificate:
a. Certificate Alias, Serial, Issuer, Subject
b. Start Time, End Time, Version, Handshake Type, Public Key Algorithm
c. Signature Algorithm
Email:
a. Email Address, Subject, Body
77 The System shall support adding generic intelligence feeds with the ability to define custom fields.
78 The System shall support certificate-based authentication for third-party authentication.
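Requirements 74 and 76 call for parsing IOCs out of STIX and matching them against network and endpoint indicators. The following Python example is added here as an illustration and is not part of the tender or of any bidder's product: it extracts equality comparisons from a constructed STIX 2.1 bundle and matches them against constructed, already-normalised events. The bundle contents, the event field names and the path-to-field mapping are assumptions made for the example; a real deployment would receive the bundle over TAXII (requirement 75).

```python
import json
import re
from collections import defaultdict

# Constructed STIX 2.1 bundle standing in for a TAXII-delivered feed. Addresses and
# names use documentation ranges (RFC 5737 / RFC 2606); the hash is a dummy value.
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--0000-example", "objects": [
    {"type": "indicator", "id": "indicator--0001-example", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '203.0.113.45']"},
    {"type": "indicator", "id": "indicator--0002-example", "pattern_type": "stix",
     "pattern": "[file:hashes.'SHA-256' = '" + "a" * 64 + "']"},
    {"type": "indicator", "id": "indicator--0003-example", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'login.example.invalid' OR "
                "url:value = 'http://login.example.invalid/verify']"},
    {"type": "malware", "id": "malware--0004-example", "name": "sample", "is_family": False},
]})

# Assumed mapping from STIX object paths to the indicator categories of requirement 76.
PATH_TO_FIELD = {"ipv4-addr:value": "ip", "domain-name:value": "domain",
                 "url:value": "url", "file:hashes.'SHA-256'": "file_hash"}
# One equality comparison inside a STIX pattern: <object-path> = '<literal>'.
COMPARISON = re.compile(r"([\w-]+:[\w.'-]+)\s*=\s*'([^']*)'")


def parse_stix_indicators(bundle_json):
    """Return {field: {lower-cased value: indicator id}} for every equality
    comparison on a known object path. Other operators (MATCHES, IN, ...) and
    unknown paths are skipped rather than guessed at."""
    iocs = defaultdict(dict)
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        for path, value in COMPARISON.findall(obj["pattern"]):
            field = PATH_TO_FIELD.get(path)
            if field:
                iocs[field][value.lower()] = obj["id"]
    return dict(iocs)


def match_events(events, iocs):
    """Return (event, field, indicator id) for each event field that hits an IOC.
    Matching is case-insensitive so upper-case hashes and hostnames still match."""
    hits = []
    for event in events:
        for field, values in iocs.items():
            value = event.get(field)
            if value is not None and value.lower() in values:
                hits.append((event, field, values[value.lower()]))
    return hits


# Constructed, already-normalised events as the SIEM would hold them after parsing.
EVENTS = [
    {"src": "10.0.0.7", "ip": "203.0.113.45", "domain": "cdn.example.com"},
    {"host": "ws-12", "file_hash": "A" * 64},
    {"src": "10.0.0.9", "domain": "cdn.example.com", "url": "http://cdn.example.com/"},
    {"src": "10.0.0.3", "domain": "LOGIN.example.invalid"},
]
```

The non-indicator `malware` object is ignored, and the third event produces no hit because its domain and URL are not on the list.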
Risk Scoring
79 The System shall be able to assign any arbitrary risk score to any data point or field, for example user name, host name, location etc.
80 The System shall be able to assign any arbitrary risk score based on a self-defined query over any correlated events, statistical analysis or threat indicator match.
Incident Management
81 The System shall have a built-in Incident review framework for incident management.
82 It shall allow tracking of incidents from the correlation rule through investigation of that event to closure.
83 The System shall be able to provide the capability to:
a. Annotate events
b. Upload relevant artifacts or evidence
c. Modify status
d. Build a chronological timeline for the incident before and after a triggered event
e. Track searches and activities
f. Review activities at any point
Compliance Use Cases
84 Dashboards and reports shall be easily created to measure compliance with any technical control traceable in the data.
85 The System shall be able to satisfy internal audit requests and auditor ad-hoc information requests, and shall support major regulations and frameworks including:
a. PCI
b. NIST 800-53
c. ISO 27001
d. GDPR
e. SOC 2
f. TX-RAMP
Support For Broad Range of Use Cases
86 Use Cases can include:
a. OT Security
b. Insider Threats
c. Security Stack consolidation
d. Securing Multi-cloud and SaaS
e. Asset Analytics
f. Industrial Data and Internet of Things
87 A single System that shall support all the data needs of different users, roles, and departments across the organization.
Ingest all the Original Machine Data / Log Files from any Source
88 The System shall support any data source, including any application, OS, device, or system, whether virtual, physical or cloud-based.
89 The System shall not rely on vendor-supplied, custom connectors to ingest data from different sources.
90 The System shall be future-proof, in that it can accommodate new data sources or changes in the log format of an existing data source.
91 The System shall be able to ingest multi-line or complex event logs.
92 The System shall be able to apply both supervised and unsupervised Machine Learning and Adaptive Machine Learning on the logs it receives. The security log sources that can be ingested shall at least include:
a. Firewalls
b. Intrusion Detection System / Intrusion Prevention System
c. Authentication system (including LDAP and Active Directory)
d. Data Loss Prevention
e. Anti-malware
f. Automated malware analysis tools
g. Web security or web proxy
h. Email security
i. Vulnerability scanners
j. File integrity monitoring
k. Web application firewalls
l. Windows and Linux systems
93 Non-Security sources that can be ingested shall at least include:
a. Operating system logs (endpoints and servers)
b. Email server
c. Web server
d. DHCP/DNS
e. VPN
f. Network Flows (NetFlow, IPFIX, etc)
g. Network traffic and PCAP files
h. Networking devices (routers, switches)
i. Databases and mainframes
j. NAS devices and filers
k. Hypervisor and virtual machine logs
l. Service Now
m. Call records
n. Mobile devices and mobile device management systems
o. Server and Endpoint Management tools
p. SCADA devices
q. Industrial control systems
r. Manufacturing systems
s. Hosted VM environments (Amazon Web Services, Rackspace, etc)
t. Cloud-based applications (Box, Salesforce.com, etc)
u. Web analytics
v. ERP and CRM
w. Custom applications
94 Ability to receive data via a wide range of agent-based and agentless mechanisms, including:
a. The agent shall have the ability to encrypt communications to the system, to cache
the data, to load balance the data to different servers, and to send the data via TCP
b. Syslog
c. TCP or UDP
d. XML
e. CSV
f. JSON
g. Custom inputs
h. Scripted inputs
i. Modular inputs
95 Ability to directly connect to any SQL database table and extract its contents for ingestion.
Enrichment of Ingested Data
96 The System shall have the ability to add new, external data to the previously ingested data to facilitate searching and reporting going back days, months, or years.
97 It shall be able to take raw, ingested data and use it to perform lookups against any database or CSV file on any value, including IPs, machine names, or prohibited services/external IPs/ports/protocols.
98 Supports integration with corporate directories (AD, LDAP, etc) to extract employee information including:
a. Employee user names, first, last, phone, manager, department, location, if
privileged, if on watchlist, start and end dates, etc.
b. Enables ability to correlate multiple usernames back to a single employee
99 Supports integration with CMDBs or asset databases to extract asset information including:
a. Device host name, IP, MAC, location, if containing confidential data, if relevant to a
given regulation, etc
b. Enables ability to map an IP to a machine name and vice-versa
100 Ability to easily integrate with any third-party, free or commercial, human-readable threat intelligence feed.
Backup and Restore of Data
101 The System shall have the ability to export and import data to/from external storage such as NFS, ElasticSearch, Kafka or S3.
Flexible Search and Alerting Capabilities
102 Ability to do full-text search on any field in the ingested data based on:
a. Any free text search
b. Selectable Time ranges
c. Specific or relative time windows down to the month/day/minute/second
d. Boolean logic (and, or, not, etc)
e. Regular expressions
f. Wild card syntax
g. Statistical analysis including
h. Count of occurrences, distinct count of occurrences, sum
i. Most common values or least common values of a field
j. Minimum, maximum
k. Average, mean, mode, median
l. Standard deviation, variance
m. The identification of anomalous values in results that may be irregular, or
uncommon
n. The statistical correlation between fields
o. Clustering of events together based on their similarity to each other as a single
event
p. Truncate outlying numerical values in selected fields to assist in statistical
correlation
q. First and last seen value
r. Percentile
s. Predicted values (search that looks at historical data to mathematically predict
future values)
t. Perform a union, diff, or intersection of individual or multiple search results
u. Search for relationships between pairs of fields by comparing the values of one field
to a reference field and value pair
103 Ability to do baselining and then apply the above search logic to find outliers/anomalies from the baseline that may be advanced, non-signature-based threats.
104 The searches shall enable the user to data-mine based on who, what, when and where.
105 Searches can easily be saved, shared, and modified
106 Searches can be real time or scheduled
107 Ability to run multiple concurrent searches
108 Real-time alerting capabilities on a per-search basis that can:
a. Send an email
b. Add to a RSS feed
c. Execute out-of-the-box actions on firewalls, Intrusion Prevention and Endpoint Security systems
d. Execute a custom script
e. Scripts can act as “middleware” enabling automated remediation actions involving
different vendor products
f. Be throttled so not every event that meets the search parameters results in an alert
action
109 No fixed maximum on the number of searches or alerts that can be run
Dashboard Visualization and Reporting Functionality
110 The proposed solution shall include executive level summary dashboard and reports.
The proposed solution shall have built-in and out-of-the-box reports with a graphical view displaying statistics:
a. Executive single dashboards of multiple real-time Top-N visualizations
b. Top number of alerts on security-critical events
c. Top number of violators
d. Top number of threats
e. Continuous real-time Security and Risk dashboard for compliance status visibility "as it happens"
111 The System shall enable the easy creation of a wide range of visualizations (not limited to fixed, pre-canned reports).
112 The System Native visualizations shall include:
a. Tables
b. Time charts
c. Line charts
d. Bar charts
e. Area charts
f. Pie charts
g. Maps
113 The System Visualizations shall have the ability to update in real-time
114 The System Visualizations shall be able to make clear outliers/anomalies in need of further investigation.
115 The System Visualizations shall support drill-down, click-through capabilities to get from summaries to raw events.
116 The System visualization shall support a drag-and-drop user interface that enables non-technical and technical users to build complex reports without having to use search commands or understand the format of the underlying raw data.
117 The System charts visualization shall support the ability to change titles, legends, and axis labels and settings.
118 The System shall support the “drag and drop” editing of dashboard panels
119 Ability to easily print events, tables, and visualizations
120 Ability to convert dashboards into PDF files and schedule them to be emailed to others
121 Ability to integrate with external visualization frameworks for additional visualizations
Data Security and Integrity
122 Flexible Roles Based Access Control for controlled user and API access. Enables restricted access to specific data sources, data types, time periods, specific views, reports or dashboards.
123 Authentication and authorization integration with Microsoft Active Directory and other LDAP-compliant implementations.
124 Integration to enterprise single sign-on Systems enabling pass-through authentication of third party credentials.
125 Real-time remote ingesting of data to minimize the opportunity for alteration of audit trails on compromised hosts.
126 Secure data stream access and distributed functionality via SSL/TCP
127 Monitors its own configurations and usage to maintain a complete, digitally signed audit trail of who is accessing the system, what searches they are running, what reports they are viewing, what configuration changes they are making, and more.
Open Platform
128 The System shall support an API to expose all ingested data, search commands, and functionality to external systems, applications, or dashboards.
129 The System shall support APIs to programmatically access the system configuration and data extraction.
130 The system configurations shall be configurable via the UI or the CLI, enabling granular changes and customization.
131 The System shall support the capability to easily forward data on to any external system or logging tool.
Data Collector
132 The System shall have multiple data collection sensors including Network Security Sensors and Agent Sensors.
133 The System shall aggregate all agent logs and send to central system
134 The System shall provide Managed Services for the App with on-going unlimited dashboard and correlation query updates.
135 The System shall be able to extract granular user readable metadata from layers 2-7
136 The System's sensors shall capture network data and only send relevant data to the processor for analysis.
137 The System shall provide integrated Network Traffic Analysis (NTA).
138 Proposed System shall be able to support both agent and agentless based log collection.
139 The System shall be capable of performing Server and Network Infrastructure Monitoring out of the box.
140 The System shall be capable of performing Application Monitoring out of the box.
141 The System shall support Geo Location Public IP look up
142 Support customized and in-house security logs and deliver on-the-fly correlation for these logs.
143 The System shall passively collect asset information and network flow information.
144 The System shall provide ready-to-use apps, utilities and add-ons providing capabilities ranging from security monitoring to advanced threat management and more.
145 The proposed System shall be able to ingest all data (users, applications) and make it available for use: monitoring, alerting, investigation, ad hoc searching.
146 The System shall provide flexibility to integrate with third-party reporting tools and portals
147 The proposed System shall be able to capture new events from source devices without reading through the entire data from the beginning.
148 The System shall be capable of monitoring file changes in all folders for both Windows and Linux servers.
149 The System shall provide view for raw data stored.
Detection
150 The System shall align all alerts to the Cyber Security Kill Chain.
151 The System shall provide a description of malware detected.
152 The System shall provide supervised and unsupervised machine learning functionality.
153 The System shall provide Artificial Intelligence and Machine Learning functionality.
154 The System shall provide Gen AI assistance in investigation and threat hunting.
155 The System shall provide an integrated IDS.
156 The System shall be able to send alerts to the respective personnel regarding security issues based on correlated events.
157 The System shall be able to track changes and secure your environment by monitoring for suspicious activity, user role changes, unauthorized access and more.
158 The System shall be able to detect compromised hosts associated with advanced threats and malware infections.
159 The System shall support the ability to monitor security events outside machine data (e.g. monitor security events/threats that have been posted on the Internet).
160 The System shall be able to find activities and events associated with successful attacks and malware infections.
161 The System shall issue an alert upon detection of a blacklisted external IP.
162 The System shall provide network visibility from wire data that contains critical insights about payloads, session information, errors, DNS, etc.
163 The System shall be able to monitor Unknown Threats
164 The System shall be able to discover capacity-constrained or idle systems
165 The System shall provide on premise Signatureless Detection Capability.
166 The System shall have the User behavior Analytics capabilities
167 The System shall have pre-built detection rules built on the Cyber Kill Chain Framework.
Investigate
168 The System shall perform log analysis based on searching and reporting.
169 The System shall analyze and correlate security events.
170 The System shall have integrated threat, incident and compliance management.
171 The System shall be able to mask sensitive data (e.g. passwords, credit card numbers) before storing it.
172 The System shall automatically monitor for known bad events, and use sophisticated correlation via search to find known risk patterns such as brute force attacks, data leakage and even application-level fraud.
173 The System shall be able to provide compromise and breach assessments.
174 The System shall be able to correlate asset info with threat and vulnerability data
175 The System shall be fully customizable when creating warnings or alarms for high-risk events.
176 The System shall be able to provide a search function that supports simple Boolean-style pattern search as well as complex regular expressions.
177 The System shall be able to allow analysts to build queries using a combined search method. A single query may contain keywords, field-based conditions and regular expressions.
178 The System shall be capable of correlating and identifying application performance issues caused by security incidents (e.g. DDoS attacks, or unauthorized access to the system that causes application performance issues).
179 The System shall support the ability to link to Threat Intelligence in Alert.
180 The System shall be able to detect threats targeting various Operating Systems.
181 The System shall be able to provide Event Correlation across multiple Appliance types.
182 The System shall provide threat intel updates from tenderer's platforms.
183 The System shall support community based intel sharing.
184 The System shall provide attribution of alerts to known threat actors.
185 The System shall provide in-depth analysis and reporting on threat actor trends.
186 The System shall provide on demand analysis of IPs and Domains.
Respond
187 The System shall have SOAR (Security Orchestration, Automation and Response) capabilities to email, case management, Firewall, and Active Directory.
188 The System shall have the ability to threat-hunt and automate the threat-hunt and apply it to SOAR.
189 The System shall have built-in case management with the ability to support integration with 3rd party case management.
190 The System shall have prebuilt templates for general reporting and compliance reports
Network Security Traffic Analysis
191 Provides tracking of the interaction between devices, services and applications that are running on your network, in real time and historically.
192 Network Traffic Analysis must include:
193 Network performance statistics
194 Server performance
195 Application detection and performance monitoring
196 Top sources & Top destinations
197 Asset throughput
198 Asset application performance
199 Network interactions with asset
200 HTTP statistics
201 DNS statistics
202 Asset discovery and statistics
203 IP address
204 Device Manufacturer
205 Application Services
206 Time discovered and last seen
207 Asset tag(s) and description
208 Server certificate visibility.
Licensing
209 Vendor should quote the licenses mentioned below for 3 years:
NGSIEM- 100 Gb license
UEBA- 3000 license
SOAR
Sandboxing
IDS
FIM-200 servers
TIP
210 Bidder must mention the system requirements to run the NG-SIEM software; the Bank will provide the necessary VM (Computing and Storage) for installation of the Software Bundle.

Abul Hasan
Senior Assistant Vice President

Rajib Bin Ahmed
Senior Vice President

A. K. M. Atiqur Rahman
DMD & CITO (Head of ICTD)