1. Description of Service
The Massachusetts Office of Information Technology (MassIT) provides firewall protection services for the Commonwealth's assets and resources. Remote firewalls support customer hosted applications requiring remote firewall protection utilizing MAGNet services. Secure remote device managed firewalls are used when a customer requires remote vendor access to equipment or devices located at the customer site. By using these protection services, MassIT provides customers secure access while protecting the Commonwealth's assets and resources.
The Remote Firewall service includes:
- Provision and configure a remote firewall.
- Establish a firewall perimeter with failover capability in MAGNet connections to DMZs and to the Internet as a whole.
- Monitor and change firewall rules when needed.
Remote Device Managed Firewall service includes:
- Provision and configure a firewall edge for remote customer locations.
- Provide secure connections for customer vendors to access their devices remotely.
- Monitor and change firewall rules when needed.
MAGNet Security Protection:
Securing MAGNet through managed enterprise firewalls and Internet Gateway services is a service offering that supports resources and infrastructure including:
- Managed firewalls that ensure access control and secured authorized use of MAGNet.
- Gateway services that provide a protection layer for all mail passing through the network. All mail is filtered, scanned, and if necessary blocked by reliable and highly available anti-virus, spam and content filtering solutions.
This service offering includes a port charge that is applied to any device that accesses MAGNet via WAN and Campus connections, XDMZs and hardware supporting UNIX hosting systems.
Internet Protocol (IP) Addressing:
IP addresses are used to "label" a device in order to communicate with other devices or to locate a particular device. Services include:
- Adding or returning an IP address or range.
Domain Name System (DNS):
The DNS service translates domain names into their associated IP addresses so that devices can then communicate with one another. Services include:
- Adding or removing a qualified domain name to or from the DNS server.
- Editing a qualified domain name on the DNS server.
- Adding Host, CName, or A records on the DNS server.
Support services include:
- A Service Account Manager to answer any questions or concerns regarding MassIT Services.
- Services offered through our Operations Office, including Change Management and customer access to incident management via email and phone (CommonHelp).
- The online COMiT service management portal.
- MassIT's Chargeback Billing System.
- For additional Security support services please see Security Information Services.
2. Service Targets and Metrics
|Service Availability||Service availability hours are 24x7.|
|Infrastructure Component Availability for Remote Firewalls||All firewall components are available 24x7 excluding planned maintenance.|
|Infrastructure Component Availability for Remote Device Managed Firewalls||These firewalls are pre-configured and sent to the agency as a plug-and-play device. Hardware replacement should be performed the next day. The agency has the option to purchase a pre-configured spare that they can swap out and send MassIT the failed device.|
|Security Availability for Remote Firewalls||The MassIT IP Security equipment will be available and capable of forwarding IP packets 99.999% of the time, as averaged over a calendar month. The MassIT IP Security includes MassIT owned and controlled security devices located in the Chelsea/Boston Data Center and remote agency locations. The MassIT Security availability does not include local loop, Customer Premise Equipment, Customer's Local Area Network (LAN), scheduled maintenance events, customer-caused outages/disruptions or interconnection connectivity within other Internet Service Provider (ISP) networks.|
|Security Latency for Remote Firewalls||This is included in MassIT's network core service.|
|Planned Maintenance for Remote Firewalls||This requires a weekly 1-2 hour window between 7:00 am-5:00 pm Monday through Friday excluding holidays. Ad-hoc maintenance is scheduled through change control and customers are notified as part of the change control process.|
Staff will respond to service requests 7:00 am - 5:00 pm Monday through Friday excluding holidays. Customers can make requests through COMiT.
Emergency requests must include Executive approval and be approved by the Security Office prior to implementation.
|Incident Management*||MassIT Service Management Office has standard processes to manage incidents, requests and changes.|
Outages or urgent issues should be reported by phone at 1-866-888-2808 to receive the quickest response.
|Firewall logs||A detailed view of firewall activity for 30 days on a rotating basis. Logs will maintain timestamps.||N/A|
*Incidents, requests, or changes that are outside the scope of the defined service description or normal service hours will be direct charged to the customer.
3. Service Reporting
Currently, there are no reports available for this service.
4. Service Requests
|COMiT Service Requests*||Description||Lead Time-Business Days|
|Request to Open or Close Firewall Port||This request is to open a new port or deactivate an existing firewall.||10 Days|
|Request Read-Only Firewall Permissions||This request is to allow limited 'read-only' access to a firewall.||10 Days|
|Activate or Deactivate an Agency Firewall||This request is to activate or deactivate a firewall located at an agency site.||10 Days|
|Request to Verify Firewall Access||This request is to verify current firewall access.||10 Days|
|Submit an Issue with Current Firewall Service||This request is for assistance with a firewall issue.||10 Days|
|Add or Remove DNS Entry||This request is to add or delete a DNS entry.||10 Days|
|Change DNS Entry||This request is to change a DNS entry.||10 Days|
|Submit an Issue with Current DNS Service||This request is for assistance with a DNS issue.||10 Days|
|Add or Return a Range of IP Addresses||This request is to add new or return existing Commonwealth TCP/IP address space.||10 Days|
|Submit an Issue with Current IP Addressing Service||This is a request for assistance with an IP address issue.||10 Days|
*For new service requests only. To manage existing requests, please log into COMiT.
Request fulfillment happens as part of a process with change control. If an emergency change is needed, an emergency change control ticket is opened and the CAB is convened. Non-emergency tickets are brought before the CAB every Thursday and, depending on the ticket, are acted upon during the next window.
5. Customer Responsibilities
The customer is responsible for opening change orders to initiate the changes needed to be made. The MassIT Security Office will then open change control tickets, examine the request for policy violations, and then plan and schedule the change needed.
For your convenience, you may also view a detailed list of customer responsibilities.
6. Chargeback Rate Information
For more information on Chargeback, including an overview of the program as well as current and previous fiscal year rates, please visit our Chargeback Services webpage.
Cost framework: Security Operations and Engineering
1. Direct Charges to Customers
|Total 1A. Customer Specific - Costs Directly Charged to Customers||$0|
|Total 1. Direct Charges to Customers||$0|
2. Direct Dedicated Resources
|Direct Costs - Salaries (AA) and Fringe (DD), Contract (U05, HH)||8.00||$688,972|
|Total 2A. Direct Costs - Salaries (AA) and Fringe (DD), Contract (U05, HH)||8.00||$688,972|
|- IntraSystems, Inc.-TripWire for Vulnerability Monitoring-||$13,928|
|- Zensar Technologies (formerly Akibia)-Reporting Appliances for SECOPS, InfoBlox Replacement Appliances-||$3,370|
|- IntraSystems, Inc.-Tripwire ELA for CSA EOL-||$49,237|
|- IntraSystems, Inc.-Tripwire Enterprise for File Systems for PayInfo-Replatform Project-||$186|
|- IntraSystems, Inc.-TripWire Enterprise for VMWare ESX for data center consolidation-||$1,865|
|- Zensar Technologies (formerly Akibia)-Upgrade RSA from 1000 to 2005 - RSA Authentication Manager Base Edition-||$12,441|
|- IntraSystems, Inc.-Tripwire for ANF Transparency Open Checkbook-||$244|
|- IntraSystems, Inc.-Tripwire and Assuria for DCAM Contractor Certification Application-||$452|
|- IntraSystems, Inc.-TripWire Enterprise for File Systems for data center consolidation-||$9,513|
|- IntraSystems, Inc.-Tuffin for IPS Appliances-||$56,827|
|- Other Costs, Reclassifications, Adjustments-||$615,779|
|- RetroFit-Avocent for Data Center Consolidation - EHS Pilot-||$592|
|- SHI-Assuria Auditor software for ANF Budget System-||$386|
|- SHI-Assuria for HRD Worker's Compensation Project-||$49|
|- SHI-Networker Client-||$85|
|- SHI-RHEL for Storage VM-||$519|
|- Zensar Technologies (formerly Akibia)-Reporting Appliances for InfoBlox Replacement Appliances-||$6,547|
|- en Pointe Technologies-Tripwire for HRD Workers' Compensation Project-||$90|
|- IntraSystems, Inc.-RSA SecurID SID700 w/5yr. secureID Authenticator-||$253|
|- Zensar Technologies (formerly Akibia)-InfoBlox Appliance for SDC-||$41,842|
|- Dell Software-Avocent Console Software-DSView3-||$4,061|
|- IBM-(2) IBM X3650 M3 Servers to support Splunk Software-||$635|
|- Agilysys-(2) IBM Servers to add additional storage to Security VMWare Environment-||$888|
|- IntraSystems, Inc.-Juniper for End-of-Life Firewalls-||$82,772|
|- Akibia (Aquila Technologies)-QualysGuard Vulnerability Virtual Scanner Appliance-||$1,300|
|- Dell Software-Exceed/Hummingbird (#G58277, #G58252, #G58376)-||$1,722|
|- Dell Software-RDELTA-||$2,624|
|- Dell Software-RHEL-||$422|
|- Dell Software-RHEL Platform-||$10,792|
|- Dell Software-Splunk Software-||$6,388|
|- en Pointe Technologies-Tripwire Enterprise for File Systems (1-16 processors) for EHS Rational Requirement Composer Project-||$169|
|- ePlus-Cisco 3560 Switches 24 port for end-of-life firewalls-||$800|
|- IBM-IBM HS22 Blade Server-||$1,750|
|- IntraSystems, Inc.-Assuria Auditor (System Scanner)-||$46,678|
|- IntraSystems, Inc.-Checkpoint Software Maint and Nokia Equipment Maint Tier 1 Tech support 7x24-||$670,888|
|- IntraSystems, Inc.-Assuria for ANF Transparency Open Checkbook-||$746|
|- IntraSystems, Inc.-Assuria for Linux for data center consolidation-||$3,730|
|- IntraSystems, Inc.-Assuria for Win for data center consolidation-||$7,958|
|- Agilysys-Avocents to replace EOL avocents.-||$3,443|
|- Dell Software-VMWare-||$424|
|Other Costs, Re-classifications, Adjustments||-$275,000|
|Total 2B. Hardware / Software / Contracts (UU, LL, etc.)||$2,113,992|
|Total 2. Direct Dedicated Resources||$2,802,964|
3. Indirect Costs
|Total 3A. Allocated Shared Resources||$0|
|Total 3. Indirect Costs||$0|
4. Indirect Costs
|Total 4A. Shared ITD Data Center Services||$0|
|Total 4. Indirect Costs||$0|
5. Allocated Costs
|Allocated Costs Not Specific to Service||$551,427|
|Total 5A. Allocated Costs Not Specific to Service||$551,427|
|Total 5. Allocated Costs||$551,427|
6. Management Adjustments
|Total 6A. Management Adjustments||-$1,031,000|
|Total 6. Management Adjustments||-$1,031,000|
|Grand Total: Security Products and Services - Security Operations and Engineering||$2,323,391|
7. Rates Pertaining to this Service
|SERVICE OFFERING / TITLE / BILLABLE UNIT||RATECODE||RATE||PLANNED UNITS||COST|
|Security - Remote Firewall Support-FireWall / Month||SU020||$970||468||$453,960|
|Security - Remote Device Support-Device / Month||SU040||$77||144||$11,088|
|Security - Magnet Port Security -Port - Month||SU060||$154||12072||$1,858,343|
|Total 7A. Rates Pertaining to this Service||$2,323,391|
Updated October 21, 2014
Reviewed August 14, 2014
Published August 14, 2009
Created April 10, 2009: Information provided by the Security Office