Cybersecurity Enhancement Tender for School District Infrastructure Protection

Identity Protection & Authentication Narrative Clarksdale Municipal School District (CMSD) is seeking support through the FCC Cybersecurity Pilot Program to implement a comprehensive identity protection and authentication solution to strengthen access controls across the district’s infrastructure.

The goal is to mitigate risks related to unauthorized access, credential compromise, and account misuse, particularly among administrative, instructional, and IT personnel.

Requested Services and Capabilities CMSD requests proposals for services and tools—or equivalent—to support the following capabilities: Multi-Factor Authentication (MFA) Enforce MFA for all privileged accounts, IT personnel, and users accessing sensitive systems.

The solution must support token-based, app-based, or biometric verification options and integrate with both on-premise and cloud-based systems (e.g., domain controllers, email portals, and administrative consoles). DNS-layer Security and Filtering Deploy a DNS-layer protection tool to block access to malicious or unauthorized domains before the connection is established.

The system must include content categorization, real-time threat updates, and customizable filtering policies. Password Management System Implement a secure password vault or management solution for administrative and service accounts. Must support password rotation, access controls, audit logging, and granular sharing policies.

Group Policy Management Configure and enforce Group Policy Objects (GPOs) for user-level and machine-level security. Must include enforcement of screen timeout, password complexity, USB/device restrictions, and login banners.

Patch Management Narrative Clarksdale Municipal School District (CMSD) is requesting support under the FCC Cybersecurity Pilot Program for a modern patch management solution to automate and monitor operating system and application updates districtwide. This service is a critical need due to legacy vulnerabilities across staff devices, domain controllers, and instructional computers.

The district currently lacks a centralized platform for identifying, deploying, and reporting on patches.

Requested Services and Capabilities Vendors must provide a solution (or equivalent) that meets the following criteria: Centralized Patch Management Console Deploy a platform that allows IT administrators to view patch status, push updates, and generate compliance reports across all connected endpoints and servers.

OS and Third-Party Software Support Must support patching for Microsoft Windows and common third-party software (e.g., browsers, PDF tools, plugins, etc.). Ability to whitelist or defer specific patches is preferred. Automation and Scheduling Enable flexible scheduling for patch deployment by building/site, user group, or device type. Include rollback or remediation options in case of patch failure.

Vulnerability Scanner Integration Solution must integrate or work alongside vulnerability scanners to prioritize patching based on CVSS scoring or Known Exploited Vulnerabilities (KEV) listings. Reporting Generate reports by device, user, or site. Must be exportable and usable for compliance verification.

Domain Controller Upgrade & Security Updates Narrative Clarksdale Municipal School District (CMSD) is requesting support through the FCC Cybersecurity Pilot Program for the replacement of its current legacy Domain Controller and the implementation of a secure, policy-driven update strategy to address ongoing cybersecurity vulnerabilities.

The current infrastructure includes aging servers running unsupported operating systems (e.g., Windows Server 2012) and lacks modern capabilities for user access control, centralized security policy enforcement, and timely distribution of critical updates. This infrastructure poses a significant risk to the confidentiality, integrity, and availability of district systems.

Requested Services and Capabilities Vendors are asked to propose a complete solution—using generic descriptions or including “or equivalent” when referring to any product or platform—that delivers the following: Decommissioning of Legacy Domain Controller Remove or migrate from existing Windows Server 2012 domain controller and replace with a hardened server OS that supports Group Policy Objects (GPOs), role-based access control (RBAC), and secure Active Directory configuration.

Deployment of Modern Domain Controller Install and configure a new domain controller environment that integrates with CMSD’s current IT infrastructure, including DNS, DHCP, network devices, endpoint protection systems, and cloud platforms.

Security Policy Enforcement Establish Group Policy Objects to enforce secure password policies, account lockouts, USB controls, device hardening, screen timeout, and least-privilege access. Apply policies consistently across all 9 campuses and user groups (e.g., staff, students, administration, IT). Agency: Universal Service Administrative Company (USAC) Status: Certified