The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke
GOVERNMENT ICT STANDARDS
End-User Computing Devices Standard
First Edition 2016
©ICTA 2016 All rights reserved
2
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
End User Computing Devices StandardFirst Edition 2016
ICTA 2016- All rights reserved
3
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
CONTENTSICTA STANDARDS DESCRIPTION 4DOCUMENT CONTROL 6FOREWARD 7INTRODUCTION 8SCOPE 9APPLICATION 9NORMATIVE REFERENCES 9DEFINITIONS 10ABBREVIATIONS 11SUB DOMAINS 12
ANNEXES 14Annex A.1End user equipment procurement 14Annex A.2 Technical Specifications 15Annex A.3: Bring your own device Policy 16Annex B.1 Inventory 16Annex B.2 Maintenance 17Annex C.1 Decommissioning 18Annex C.2 Disposal mechanisms 18Annex D.1 Data- in- transit protection 20Annex D.2 Data- at-rest protection 20Annex D.3 Authentication (MCA-Issued Devices, Non-MCA Issued Devices) 24
APPENDICES 26Appendix 1: Compliance Checklists 26APPENDIX 2: ICT Minimum Hardware Specifications 37APPENDIX 3: Mandatory and fixed versionsSoftware specifications 82APPENDIX 4: Mandatory and Upgradable versions Software specifications 82APPENDIX 5:Characteristics of Storage Encryption Technologies 83APPENDIC 6 Storage Encryption Technology Planning and Implementation 84APPENDIX 7 Alternatives to Encrypting Storage on End User Devices 89Appendix 8 ACCESSIBILITY BY PERSONS WITH DISABILITY 90Appendix 9: Related Documents 92
4
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
ICTA STANDARDS DESCRIPTION
S/No Thematic Area
Standards Brief Description
1 Infrastructure ICTA-2.001:2016Network Standard
Provides compliant requirements for design, installations and management of all categories of IT Networks to be deployed in government.
ICTA-2.001:2016Data Center Standard
Provides compliant requirements for design, installations and management of government data centers
ICTA-2.001:2016Cloud Computing Standard
Provides compliant requirements for design, installations and management of cloud computing infrastructures for government
ICTA-2.001:2016End-User Equipment Standard
Provides the minimum specifications for all computing devices being deployed in government
2 Systems & Applications
ICTA-6.001:2016Systems & Applications Standard
Provides compliant requirements for design, installations and management of all government Software and applications Systems.
3 IT Security ICTA-3.001:2016Information Security Standard
Provides compliant requirements for design, installations and management of Information Technology Security in government.
4 Electronic records management
ICTA-4.001: 2016Electronic records and Data Management Standard
Provides compliant requirements for management of government electronic records and data
5 IT Governance ICTA. 5.001: 2016IT Governance Standard
Provides compliant requirements for IT Governance in government. This includes compliance requirements for government IT service providers and Professional Staff.
6 ICT Human Capacity
ICTA.7.001:2016ICT Human Capital and Work force Development Standard
Provides compliant requirements for development of Human Capital capacity for deployment and support for government ICT infrastructure and services.
5
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
REVISION OF ICT STANDARDS
In order to keep abreast of progress in industry, ICTA Standards shall be regularly reviewed. Suggestions for improvements to published standards, addressed to the Chief Executive Officer,
ICT Authority, are welcome.
©ICTA, 2016
Copyright. Users are reminded that by virtue of Section 25 of the Copyright Act, Cap. 12 of 2001 of the Laws of ICTA, copyright subsists in all ICTA Standards and except as provided under Section 26
of this Act, no Standard produced by ICTA may be reproduced, stored in a retrieval system in any form or transmitted by any means without prior permission in writing from the CEO.
6
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
DOCUMENT CONTROL
Document Name: End User Computing Devices Standard
Prepared by: ICTA End User Computing Devices Standard Technical Committee
Edition: First Edition
Approved by: Board of Directors
Date Approved: 11th August 2016
Effective Date: 1stJanuary 2017
Next Review Date: After 3 years
7
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
FOREWORD
The ICT Authority has express mandate to, among others, set and enforce ICT standards and guidelines across all aspects of information and communication technology including systems, infrastructure, processes, human resources and technology for the public service. The overall purpose of this specific mandate is to ensure coherence and unified approach to acquisition, deployment, management and operation of ICTs across the public service, including state agencies, in order to promote service integration, adaptability and cost savings through economies of scales in ICT investments.
In pursuit of achievement of this mandate, the Authority established a Standards Committee to identify the critical standards domain areas as well as oversee the standards development process. A total of Nine Standards falling under six different domain areas were identified by the committee to be relevant for government ICT Standards. The development of all the identified standards was done through a process which took into consideration international requirements, government requirements, stakeholder participation as well as industry/sector best practices. In order to conform to the format of other existing national standards, the committee adopted the Kenya Bureau of Standards (KEBS) format and procedure for standards development. In addition, through Memoranda of Understanding, KEBS has made invaluable contribution to the development of ICT Authority standards.
The ICTA End User Computing Devices Standard, which falls under the overall Government Enterprise Architecture (GEA), has therefore been prepared in accordance with KEBS standards development guidelines.
The Authority has the oversight role and responsibility for management and enforcement of this standard. The review and approval of the standard is done by the ICTA Board upon recommendation of Standard Review Board. The Authority shall be carrying out quarterly audits in all the Ministries, Counties, and Agencies (MCA) to determine their compliance to this Standard.
The Authority will issue a certificate of compliance to agency upon completion of the audit assessment. For non-compliant agencies, a report detailing the extent of the deviation and the prevailing circumstances shall be tabled before the Standards Review Board who will advise on action to take.
All government agencies are required to ensure full compliance to this standard for effective and efficient service delivery to the citizen. The compliance period is six months from the effective date.
Kipronoh Ronoh P.Director, Programmes and Standards
8
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
INTRODUCTION
An end user device is a personal computer (desktop or laptop), consumer device (e.g., personal digital assistant (PDA), smart phone), or removable storage media (e.g., USB flash drive, memory card, external hard drive, writeable CD or DVD) that can collect, process or store information. Government employees are provided access to these technologies to support administrative functions and improve MCA effectiveness. Government’s aim is that as much as possible, the public sector workforce will be able to work from any location on any suitable government or non-government end user device.However, the nature of laptops, mobile devices, and other end user devices makes it extremely challenging to manage them. Due to the pervasive nature of end user devices, government faces security challenges, substandard devices and challenges of and disposal.The rationale for end user devices standard is: • Ensuring MCAs receive value for money • Ensuring compatibility and interoperability both with and across MCAs • Easy maintenance • Ensure cost effective use by sharing where possible. • Assuring consistency in equipment performance • Maximize the equipment functionality • Improve end-user performance and experience • Guide procurement and disposal The standard defines minimum government requirements for end user computing services. It provides technical guidance to MCAs when implementing end user computing internally and when they are procuring these services. It details the issues that need to be considered so each agency can identify the available options that best suit their business requirements, ensuring agencies can take full advantage of the benefits of end user computing services.
This standard shall be applied along with existing standards, policies and guidance that make up the government enterprise architecture including the Information Security standard.MCAs must carefully consider their obligations to manage government data and information. Contract arrangements and business processes should address requirements for data security, privacy, access, storage, management, retention and disposal. ICT systems and services should support data exchange, portability and interoperability.
9
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
SCOPE
This ICTA Standard establishes guidelines for security, acquisition, support and disposal of all end user devices and services. End user devices may include MCA approved desktops, laptops, smart phones, tablets, digital cameras, scanners, external storage devices, barcode readers, automated fingerprint readers or any other IT equipments used by an end user to perform their statutory functions and duties. This is a minimum standard; however all end user devices with specifications higher than those detailed in this standard may be procured after a comprehensive business justification.ICT Authority shall develop and update the minimum specifications, of all categories of equipment on a regular basis, to ensure that prevailing state-of-the-art equipments are acquired for the purpose of enhancing value for money/cost effectiveness, extended useful life, and matching the equipment with the required function. The ICT personnel shall enforce these standard specifications and give advice where specifications above the minimum are required.
APPLICATION
This standard will be applicable to the following:• Central Government of ICTA• County Governments• Constitutional Commissions• State Corporations
NORMATIVE REFERENCES
The following standards contain provisions which, through reference in this text, constitute provisions of this standard. All standards are subject to revision and, since any reference to a standard is deemed to be a reference to the latest edition of that standard, parties to agreements based on this standard are encouraged to take steps to ensure the use of the most recent editions of the standards indicated below. Information on currently valid national and international standards can be obtained from Kenya Bureau of Standards• ITIL V3• NISTSpecialPublication800-111• Public Procurement and Disposal Act & Regulations• Other procurement guidelines released by the Public Procurement Oversight Authority, from
time to time.• NEMA E-waste guidelines• GoK Information security standard
10
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
DEFINITIONS
MCA-Issued DevicesThe concept of issuing a device to users for them to interact with an enterprise’s data
Non-MCA Issued DevicesThe concept of allowing a user’s mobile device to store and interact with an enterprise’s data
Personal Communication Devices (PCDs)For the purpose of this policy, PCDs are defined to include handheld wireless devices, cellular telephones, laptop wireless cards and pagers.
DecommissioningWithdraw an end user device from service.
Data- in- transit protectionData in Transit is defined into two categories, information that flows over the public or untrusted network such as the internet and data which flows in the confines of a private network such as a corporate or enterprise Local Area Network (LAN).
Data- at-rest protectionIs a term referring to inactive data which is stored physically in any digital form (e.g. databases, data warehouses, spreadsheets, archives, tapes, off-site backups, mobile devices etc.).
Full disk encryption (FDE)Full disk encryption (FDE), also known as whole disk encryption, is the process of encrypting all the data on the hard drive used to boot a computer, including the computer’s OS, and permitting access to the data only after successful authentication to the FDE product.
Virtual disk encryption (FDE)Virtual disk encryption is the process of encrypting a file called a container, which can hold many files and folders, and permitting access to the data within the container only after proper authentication is provided, at which point the container is typically mounted as a virtual disk.
File/folder encryptionFile encryption is the process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided.
Single-factor authenticatorSingle-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user.
Multi-factor authenticatorMultifactor authentication (MFA) is a security system that requires more than one form of authentication to verify the legitimacy of a transaction
11
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
ABBREVIATIONS
GWEA Government Wide Enterprise Architecture ICT Information and communication technologyICTA Information and Communication Technology AuthorityMCDAs Ministries, counties, Departments and AgenciesCIA Confidentiality, integrity and availabilityBYOD Bring your own device
12
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
SUB DOMAINS
The following are the sub domains covered under end user devices standard: • End user device security• Equipment acquisition• Equipment maintenance• Equipment disposalRequirementsThis section provides requirements that offer guidance in the acquisition, maintenance, disposal and security of all ICT equipment and services to ensure optimal use while leveraging on the Return of Investment in ICT to promote effectiveness and increase administrative efficiency in the public sector.
Table 1 – AcquisitionSubdomain Description Requirement
End user equipment procurement
Procurement of IT hardware, software and 3rd party services shall conform to Public Procurement & Disposal Act and relevant Government circulars. MCAs shall ensure that end user equipment procurement is done with the guidance of the ICT function and knowledge of the head of user department
Annex A.1
Technical specifications
MCAs shall ensure that acquisition of end user devices is based on the principles on Annex A.2. ICT personnel shall provide guidance and specifications in consultation with ICT Authority.
Annex A.2
Bring your own device
MCAs shall ensure appropriate use of devices brought by users to the organization
Annex A.3
Table 2 – MaintenanceSubdomain Description Requirement
Inventory MCAs shall ensure all end user devices are tracked and recorded
Annex B.1
Maintenance Schedule
MCAs shall establish a maintenance schedule to guarantee equipment maintenance
Annex B.2
Table 3 – DisposalSubdomain Description Requirement
Decommissioning MCAs shall take out of service any equipment that has reached its end of life
Annex C.1
Disposal mechanisms
MCAs shall utilize appropriate disposal mechanisms for the different types of end user equipment
Annex C.2
13
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Table 4 – Security (MCA-Issued Devices, Non-MCA Issued Devices)Subdomain Description Requirement
1 Data- in- transit protection
MCAs shall Protect data as it travels across unprotected bearers between the device and an enterprise network.
Annex D.1
2 Data- at- rest protection
MCAs shall implement strong data at rest protection using encryption algorithms.
Annex D.2
3 Authentication MCAs shall implement authentication to complement encryption
Annex D.4
14
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
ANNEXES
Annex A.1End user equipment procurementGeneral requirements
1. Requisition
2. Technical evaluation
MCAs shall have a hardware acquisition policy that guarantees:a. Procurement of ICT equipment shall be channeled through the Head of ICT
Unit who shall be responsible for the preparation and issuance of all technical specifications for the equipment, as well as ensuring that the guidelines stipulated herein are adhered to.
b. MCAs shall use requisition and acceptance forms to ensure that requests for procurement of ICT equipment are validated by the respective Heads of Department.
c. Personal Communication Devices (PCDs) shall be issued only to personnel with duties that require them to be in immediate and frequent contact when they are away from their normal work locations. Effective distribution of the various technological devices must be limited to persons for whom the productivity gained is appropriate in relation to the costs incurred.
d. Handheld wireless devices may be issued, for operational efficiency, to personnel who need to conduct immediate, critical MCA business. These individuals generally are at the executive and management level. In addition to verbal contact, it is necessary that they have the capability to review and have documented responses to critical issues.
a. ICT equipment that does not meet industry and safety standards is prohibited from being deployed.
b. Technical evaluation shall be undertaken to ensure that the equipment is fit for the purpose intended and that it meets the required specifications.
c. MCAs shall ensure that the Head of ICT Unit is involved in the technical evaluation and inspection processes.
d. All donations shall be required to meet the minimum specifications. e. Further, all equipments and assets whether new, transferred and/or written
off, shall be recorded by the ICT Unit for audit and other asset managerial purposes.
f. The Head of ICT Unit shall ensure that agreements on warranty and guarantees are provided and shall also oversee their administration. The minimum warranty for all ICT equipment shall be one year and three years for servers.
g. The Head of ICT Unit shall ensure that warranty agreements and guarantees are provided and also oversee administration of the same. The minimum warranty for all ICT equipment shall be one year, and three years for servers. All warranties shall be in writing.
h. Before installation, the equipment must be tested to ensure they work as required.
i. The equipment shall be used for the intended purpose. j. Associated licensing for the equipment need to be validated. k. Only qualified personnel shall be allowed to install the ICT equipment l. The installation of ICT equipment shall adhere to the OEM instructions. m. Only trained and qualified personnel will be allowed to operate the ICT
equipment n. ICT equipment shall be operated within recommended environmental conditions
of temperature, humidity, etc. o. Access and maintenance of equipment shall only be carried by authorised and
accredited personnel.p. All new PCs and Notebooks are to be supplied with the software installations
shown in Appendix II and III:
15
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Annex A.2 Technical SpecificationsGeneral requirements
Technical specifications principles
When developing specifications, the following equipment considerations shall be made; Total lifecycle: These specifications are meant to ensure that equipment acquired have useful life of not less than five years. Functionality: This intends to guarantee that operational requirements intended to be performed by ICT equipment can be achieved effectively and efficiently with the equipment specified. Security: This addresses the need to protect system data and equipment, and the operational environment from loss or compromise. Interoperability: This seeks to facilitate the exchange of information between potentially heterogeneous systems through conformance to open standards. Compatibility: This addresses the ability of ICT equipment components to effectively and efficiently work together in an integrated system. Scalability: This is intended to ensure that the acceptable ICT components enhance the ability of the equipment to support future growth and increased throughput. Availability: This seeks to maintain operational readiness through robust and/or redundant (e.g. fault tolerance) equipment. Accessibility: This addresses operational readiness that includes the ability of users and operators to access the equipment in a timely fashion, to perform its intended functions. Long-term support: This addresses the availability of vendor and/or internal support, including parts and labour. Upgradability: ICT component installations that need updates shall be updated according to the latest official versions available.Latest technology: This guarantees that the devices are based on the latest technology in the market
16
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Annex A.3: Bring your own device PolicyRequirement
1.General Considerations
• The use of personal devices shall be approved by the IT department of government;
• Personal devices shall be installed with government encryption softwares to limit transfer of government data to an unauthorised entities; and
• Personal devices shall have updated antivirus and licensed softwares/Employee productivity;
Annex B.1 InventoryGeneral requirements
• All equipment received through purchase or donation shall be tagged appropriately.
• All equipment and assets whether new, transferred and/or write-off shall be recorded by the ICT Unit for audit and other asset managerial purposes
• The inventory of ICT assets shall indicate product details (product number, serial number, part number, etc.), tracking information, maintenance schedules and warranty information.
• Officers exiting the MCA shall be required to surrender all ICT equipment in their custody to the ICT unit.
• MCAs shall endeavor to automate the end user equipment inventory.
17
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Annex B.2 MaintenanceGeneral requirements
i. ICT equipment maintenance may be done in-house by ICT Units where a maintenance function shall be established.
ii. Sub-contracting for maintenance shall be through appropriate justification and approval by the Accounting Officers in consultation with the ICT Unit. Due diligence shall be undertaken in engaging and retaining such contractors.
iii. The unit shall develop a schedule of maintenance for equipment as well as an equipment upgrading plan.
iv. MCAs shall ensure there are SLAs to guarantee maintenance of end user devices
v. MCAs shall ensure that end user devices are provided with clean power to protect against destruction by power flactuations and to provide least 15 minutes of standby power in the event of commercial power failure
vi. ICT unit shall ensure that the vendor’s SLAs terms are made to the satisfaction of MCA.
vii. The Head of ICT Unit shall prepare an annual maintenance report and forward it to the Accounting Officer.
viii. ICT Units shall undertake surveys to identify obsolete equipment for the purposes of disposal. Where such equipment contains data, that data shall be permanently erased using suitable mechanisms
ix. ICT Unit shall electronically track the physical locations and status of all equipment where possible.
x. The ICT unit shall draw up a maintenance schedule of all equipment under its custody. The schedule shall specify the frequency levels and type of maintenance for each type of equipment.
xi. In case of mission-critical equipment, users shall be notified of the maintenance in advance. The ICT unit shall ensure that the vendor’s SLAs terms are made to the satisfaction of MCA.
xii. ICT equipment maintenance shall consider routine/preventive, upgrade, and repair maintenance as may be required.
xiii. The ICT unit shall periodically conduct assessment/audit of ministry ICT equipment to ensure compliance with performance standards and requirements, and ensure equipment component parts are as indicated in the inventory.
18
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Annex C.1 DecommissioningGeneral requirements
Decommissioning is the formal termination of equipment and its removal from the IS operating environment. The ICT unit may decommission equipment that is no longer needed on it’s IS.
Equipment may be decommissioned if it meets one or more of the following criteria:
• Redundant equipment
• Change in IS architecture
• Technologically obsolete equipment Insufficient capacity to handle application and/or user requirements
• Where upgradability options have been exhausted
• Where equipment has become unsafe
a. Decommissioning of equipment shall be undertaken through committee.
b. Candidate equipment for decommissioning determined to be still useful and still meets the required safety standards may be reassigned to lesser demanding tasks or appropriate environment.
c. Decommissioned equipment that is no longer required shall be treated as candidate items for disposal.
Annex C.2 Disposal mechanismsGeneral requirements
1. Disposal Criteria
All Disposals must be guided by the Procurement Act and other applicable statutes
MCAs may dispose of equipment that it deems no longer useful. Identification of the equipment for disposal shall be based on the following criteria:
• Damaged beyond repair
• It cannot be upgraded
• If the repair cost is higher than the cost of buying a new one (cost will either exceed or is considerably close to the cost of acquiring a new replacement)
• If the parts and/or consumables are not available
• End of life and no longer supported by the OEM
a. Departments wishing to dispose of ICT equipment should seek advice from the ICT unit.
19
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
2. Disposal mechanisms
• When equipment is identified for disposal, all application software and data should be backed up and permanently erased from the equipment in accordance with the relevant regulations or guidelines. The inventory tags shall also be removed and destroyed while updating the inventory system.
• Equipment identified for disposal shall be handed over to the committee on disposal to be disposed of in accordance with the relevant disposal regulations.
• ICT equipment identified for disposal but deemed to be still usable may be transferred to other agencies and installed for low-end non-critical use where appropriate. Adherence to the statutes and regulations on disposal must always be observed.
• ICT equipment for disposal shall be tagged with the standard Government labelling conventions and appropriately physically secured.
• The ICT unit shall electronically keep an inventory of all the ICT equipment that has been disposed of.
• Equipment may be disposed of by Cannibalizing ICT equipment that cannot be used in whole. Such equipment may be cannibalized for those components. Proper records shall be kept to indicate where such components are used or stored.
3. Disposal Methods
The ICT Unit may recommend the following alternative methods for disposal to the Ministry: This shall be done in consultation with ICT Authority
• Donation: The MCA shall upon authority from the Accounting Officer donate identified equipment and components, to deserving Government institutions.
• Trashing: ICT equipment that cannot be sold and have no useful components, and are not worth donating, shall be trashed. Such equipment shall be forwarded to licensed e-waste handlers through the right disposal channels.
• Selling: All ICT equipment no longer of use to MCAs shall be sold wherever possible.
• Cannibalizing: ICT equipment that can neither be used in whole nor sold, but have useful components, shall be cannibalized for those components. Proper records shall be kept to indicate where such components are used or stored
20
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Annex D.1 Data- in- transit protection (MCA-Issued Devices, Non-MCA Issued Devices)General requirements Compliance
Yes No Comment
Remote end user devices accessing MCAs Security Gateway at the boundary of its enterprise network shall be configured in accordancewith the IPsec security standard
Independent formal assurance is required due to implementation errors and vulnerabilities often introduced despite vendor assertions to the contrary.
Annex D.2Data- at-rest protection (MCA-Issued Devices, Non-MCA Issued Devices)General requirements
The primary security controls for restricting access to sensitive information stored on end user devices are encryption and authentication. The characteristics of encryption technologies are as shown on Appendix IV.
When selecting storage encryption technologies, MCA shall take into consideration the extent to which each technology will require the infrastructure and end user devices to be changed.
Whenever possible, AES shall be used for the encryption algorithm because of its strength and speed. Algorithms are available for integrity checking, including HMAC-SHA, Cipher-Based Message Authentication Code (CMAC), and Counter with Cipher Block Chaining-Message Authentication Code (CCM).
When evaluating solutions, MCAs shall compare the loss of functionality with the gain in security capabilities and decide if the tradeoff is acceptable.
When selecting a storage encryption technology, MCAs shall consider solutions that use existing system features (such as operating system features) and infrastructure.
MCAs shall use centralized management for all deployments of storage encryption except for standalone deployments and very small-scale deployments.
MCAs shall ensure that all cryptographic keys used in a storage encryption solution are secured and managed properly to support the security of the solution.
MCAs shall select appropriate user authenticators for storage encryption solutions.
MCAs shall implement measures that support and complement stor-age encryption implementations for end user devices e.g Securing and maintaining end user devices properly, which should reduce the risk of compromise or misuse. This includes securing device operating systems, applications, and communications, and physically securing devices, mak-ing users aware of their responsibilities for storage encryption, such as encrypting sensitive files, physically protecting mobile devices and remov-able media, and promptly reporting loss or theft of devices and media.
21
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Encryption techniques
Full disk encryption (FDE) shall be used on laptops and desktops in view of the following considerations
- For a computer that is not booted, all the information encrypted by FDE is protected, assuming that pre-boot authentication is required.
- When the device is booted, then FDE provides no protection; once the OS is loaded, the OS becomes fully responsible for protecting the unencrypted information.
- The exception to this is when the device is in a hibernation mode; most FDE products can encrypt the hibernation file.
- FDE does not provide any protection for files copied or moved from the encrypted storage to another location (either local or on the network), because they automatically decrypt the files as part of the copy or move process.
Virtual disk encryption shall be used on all types of end user device storage in consideration of the following:
- When virtual disk encryption is employed, the contents of containers are protected until the user is authenticated for the containers.
- If single sign-on is being used for authentication to the solution, this usually means that the containers are protected until the user logs onto the device. If single sign-on is not being used, then protection is typically provided until the user explicitly authenticates to a container.
- Virtual disk encryption does not provide any protection for data out-side the container, including swap and hibernation files that could contain the contents of unencrypted files that were being held in memory.
- Volume encryption provides the same protection as virtual disk encryp-tion, but for a volume instead of a container.
- Volume encryption, does not provide any protection for files copied or moved from the encrypted storage to another location (either local or on the network), because they automatically decrypt the files as part of the copy or move process.
22
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
File/folder encryption shall be used on all types of end user devices in consideration of the following
- File/folder encryption protects the contents of encrypted files (in-cluding files in encrypted folders) until the user is authenticated for the files or folders.
- If single sign-on is being used, this usually means that the files are only protected until the user logs onto the device.
- If single sign-on is not being used, then protection is typically pro-vided until the user explicitly authenticates to a file or folder.
- File/folder encryption does not provide any protection for data out-side the protected files or folders, including swap and hibernation files that could contain the contents of unencrypted files that were being held in memory.
- File/folder encryption software also cannot protect the confidentiality of filenames and other file metadata, which itself could provide valu-able information to attackers (for examples, files that are named by Social Security number).
Shared end user devices
a. Implement volume, virtual disk, or file/folder encryption on the laptop.
b. Store the data on external media, such as a flash drive or external hard drive, and use volume, virtual disk, or file/folder encryption to protect the media
c. Store the data on a remote system and give the first user access to the data through secured means (e.g., VPN).
23
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Transferring files between computers,
a. Acquire and use a flash drive with self-contained storage en-cryption capabilities, such as encryption software and secure key storage.
b. Acquire a volume, virtual disk, or file/folder encryption solution that will work on both PCs, and deploy it. Encrypt the docu-ments using the solution and store the encrypted data on a flash drive.
c. Deploy virtual disk or file/folder encryption software to the user and contractor’s computers. Encrypt the data using the software and burn the encrypted data onto CDs or DVDs.
d. Acquire USB flash drives or external hard drives that have built-in stor-age encryption capabilities.
e. Store the copies of the data on the encrypted drives.
Sharing data with a contractor Acquire USB flash drives or external hard drives. Deploy virtual disk,
volume, or file/folder encryption software to the user and contractor’s computers. Encrypt the data using the software and store it on the drives.
Travelling with a laptop
a. Use the laptop’s OS access control features to strictly limit where the user can save files. Implement volume, virtual disk, or file/folder encryption on the laptop to protect the user’s files.
b. Implement FDE on the laptop, and require pre-boot authentication.
c. Provide the user with a loaner laptop when needed for travel. Protect the user’s sensitive data on the laptop using either of the methods described above. When the user returns from travel, wipe and rebuild the loaner laptop to remove any traces of sensitive data from it. Using a loaner laptop in this way is particularly helpful if the laptop is being used in hostile environments, where the laptop is at greater risk of being compromised.
24
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Implementing encryption
i. Identify Needs. The first phase involves identifying the needs to encrypt storage on end user devices, determining which devices and data need protection, and identifying related requirements (e.g., minimum performance). This phase also involves determining how that need can best be met (e.g., FDE, virtual disk encryption) and deciding where and how the security should be implemented.
ii. Design the Solution. The second phase involves all facets of designing the solution. Examples include architectural considerations, authentication methods, cryptography policy, and supporting security controls.
iii. Implement and Test a Prototype. The next phase involves implementing and testing a prototype of the designed solution in a lab or test environment. The primary goals of the testing are to evaluate the functionality, performance, scalability, and security of the solution, and to identify any issues with the components, such as interoperability issues.
iv. Deploy the Solution. Once the testing is completed and all issues are resolved, the next phase includes the gradual deployment of the storage encryption technology throughout the enterprise.
v. Manage the Solution. After the solution has been deployed, it is managed throughout its lifecycle. Management includes maintenance of the storage encryption components and support for operational issues. The lifecycle process is repeated when enhancements or significant changes need to be incorporated into the solution.
Further details on Storage Encryption Technology Planning and Implementation are on Appendix V
Other acceptable methods of encryption are as shown on Appendix VI
Annex D.3Authentication (MCA-Issued Devices, Non-MCA Issued Devices)General requirements
a. MCAs shall be guided by Appendix V when implementing authentication
b. MCAs shall carefully consider the security implications of using the same single-factor authenticator for multiple purposes. In particular, organizations should not use email passwords and other passwords sometimes transmitted. .Using a single-factor authenticator for multiple purposes significantly weakens the protection that authentication provides
25
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
c. MCAs also need to ensure that the storage encryption authenticators are protected properly. This includes both technical mechanisms, such as encrypting passwords or storing cryptographic hashes of passwords, and operational and management mechanisms.
d. Organizations shall determine how the loss of authenticators (both user and administrator-level) will be handled before implementing storage encryption.
e. Organizations shall consider the tradeoff between availability and security when selecting and planning recovery mechanisms
26
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
APPENDICES
Appendix 1: Compliance Checklists
Compliance Checklists for end user equipment Acquisition
Yes No Comments
There is a policy on hardware acquisition?
ICT equipment that does not meet industry and safety standards is prohibited from being deployed?
Technical specifications are provided by the ICT function in consultation with ICT Authority?
Technical evaluation is undertaken to ensure that the equipment is fit for the purpose intended and that it meets the required specifications?
MCAs ensures that the Head of ICT Unit is involved in the technical evaluation and inspection processes?
All donations are required to meet the minimum specifications?
Further, all equipments and assets whether new, transferred and/or written off, are recorded by the ICT Unit for audit and other asset managerial purposes.
The Head of ICT Unit ensures that agreements on warranty and guarantees are provided and also oversee their administration?
The minimum warranty for all ICT equipment is one year and three years for servers?
Before installation, the equipment is tested to ensure they work as required?
The equipment are used for the intended purpose?
Associated licensing for the equipment are validated?
Only qualified personnel are allowed to install the ICT equipment?
The installation of ICT equipment adhere to the OEM instructions?
Only trained and qualified personnel are allowed to operate the ICT equipment?
27
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
ICT equipment is operated within recommended environmental conditions of temperature, humidity, etc?
Access and maintenance of equipment is carried outby authorised and accredited personnel.
All new PCs and Notebooks are to be supplied with the software installations shown in Appendix II and III
The use of personal devices are approved by the IT department of government;
Personal devices are installed with government encryption softwares to limit transfer of government data to an unauthorised entities; and
Personal devices are updated antivirus and licensed softwares Employee productivity
Compliance Checklists for InventoryYes No Comments
All equipment received through purchase or dona-tion are tagged appropriately?
All equipment and assets whether new, transferred and/or write-off shall be recorded by the ICT Unit for audit and other asset managerial purposes ?
The inventory of ICT assets indicates product details (product number, serial number, part number, etc.), tracking information, maintenance schedules and warranty information.
Officers exiting the MCA are required to surrender all ICT equipment in their custody to the ICT unit.
MCAs endeavor to automate the end user equipment inventory.
Compliance Checklists for Maintenance ScheduleYes No Comments
ICT equipment maintenance is done in-house by ICT Units where a maintenance function is established?
Sub-contracting for maintenance is done through appropriate justification and approval by the Accounting Officers in consultation with the ICT Unit?
Due diligence is undertaken in engaging and retaining such contractors?
28
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
The ICT unit has developed a schedule of maintenance for equipment as well as an equipment upgrading plan.
MCAs ensures there are SLAs to guarantee maintenance of end user devices
ICT unit ensures that the vendor’s SLAs terms are made to the satisfaction of MCA.
The Head of ICT Unit has prepared an annual maintenance report and forward it to the Accounting Officer.
ICT Units has undertaken surveys to identify obsolete equipment for the purposes of disposal?
Where such equipment contains data, that data is permanently erased using suitable mechanisms?
ICT Unit electronically tracks the physical locations and status of all equipment where possible?
The ICT unit has draws up a maintenance schedule of all equipment under its custody?
The schedule specifies the frequency levels and type of maintenance for each type of equipment?
In case of mission-critical equipment, users are notified of the maintenance in advance?
The ICT unit ensures that the vendor’s SLAs terms are made to the satisfaction of MCA?
ICT equipment maintenance considers routine/preventive, upgrade, and repair maintenance as may be required.
The ICT unit periodically conducts assessment/audit of ICT equipment to ensure compliance with performance standards and requirements, and ensure equipment component parts are as indicated in the inventory?
Compliance Checklists for DecommissioningYes No Comment
Decommissioning of equipment is undertaken through a committee?
Candidate equipment for decommissioning determined to be still useful and still meets the required safety standards is reassigned to lesser demanding tasks or appropriate environment
Decommissioned equipment that is no longer required is treated as candidate items for disposal.
29
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Compliance Checklists for Disposal mechanisms
Yes No Comment
Departments wishing to dispose of ICT equipment seek advice from the ICT unit.
When equipment is identified for disposal, all application software and data is backed up and permanently erased from the equipment in accordance with the relevant regulations or guidelines.
The inventory tags are also be removed and destroyed while updating the inventory system.
Equipment identified for disposal are handed over to the committee on disposal to be disposed of in accordance with the relevant disposal regulations?
ICT equipment identified for disposal but deemed to be still usable are transferred to other agencies and installed for low-end non-critical use where appropriate?
Adherence to the statutes and regulations on disposal isobserved?
ICT equipment for disposal are tagged with the standard Government labelling conventions and appropriately physically secured?
The ICT unit electronically keep an inventory of all the ICT equipment that has been disposed of?
Equipment is disposed of by Cannibalizing ICT equipment that cannot be used in whole? Proper records are kept to indicate where such components are used or stored.
Appriopriate disposal mechanisms are recommended by the ICT unit e.g donation,selling, trashing, cannibalization
Compliance checklist for Data- in- transit protection (MCA-Issued Devices, Non-MCA Issued Devices)
General requirements Compliance
Yes No Comment
Remote end user devices accessing MCAs Security Gateway at the boundary of its enterprise network are configured in accordancewith the IPsec security standard
Independent formal assurance is conducted due to implementation errors and vulnerabilities often introduced despite vendor assertions to the contrary.
30
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Compliance checklist Data- at-rest protection (MCA-Issued Devices, Non-MCA Issued Devices)
General requirements
The primary security controls for restricting access to sensitive information stored on end user devices are encryption and authentication. The characteristics of encryption technologies are as shown on Appendix IV.
Compliance
Yes No Comment
When selecting storage encryption technologies, MCA takes into consideration the extent to which each technology will require the infrastructure and end user devices to be changed.
AES is used for the encryption algorithm whenever possible because of its strength and speed.
When evaluating solutions, MCA compares the loss of functionality with the gain in security capabilities and decide if the tradeoff is acceptable.
When selecting a storage encryption technology, MCA considered solutions that use existing system features (such as operating system features) and infrastructure.
MCA uses centralized management for all deploy-ments of storage encryption except for standalone deployments and very small-scale deployments.
MCA ensures that all cryptographic keys used in a storage encryption solution are secured and man-aged properly to support the security of the solution.
MCAs has selected appropriate user authenticators for storage encryption solutions.
MCAs has implemented measures that support and complement storage encryption implementations for end user devices e.g Securing and maintaining end user devices properly, which should reduce the risk of compromise or misuse. This includes securing device operating systems, applications, and communications, and physically securing de-vices, making users aware of their responsibilities for storage encryption, such as encrypting sensi-tive files, physically protecting mobile devices and removable media, and promptly reporting loss or theft of devices and media.
31
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Encryption techniques
Full disk encryption (FDE) is used on laptops and desktops in view of the following considerations
- For a computer that is not booted, all the information encrypted by FDE is protected, assuming that pre-boot authentication is required.
- When the device is booted, then FDE provides no protection; once the OS is loaded, the OS becomes fully responsible for protecting the unencrypted information.
- The exception to this is when the device is in a hibernation mode; most FDE products can encrypt the hibernation file.
- FDE does not provide any protection for files copied or moved from the encrypted storage to another location (either local or on the net-work), because they automatically decrypt the files as part of the copy or move process.
32
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Virtual disk encryption is used on all types of end user device storage in consideration of the following:
- When virtual disk encryption is employed, the contents of containers are protected until the user is authenticated for the containers.
- If single sign-on is being used for authentica-tion to the solution, this usually means that the containers are protected until the user logs onto the device. If single sign-on is not being used, then protection is typically provided until the user explicitly authenticates to a container.
- Virtual disk encryption does not provide any protection for data outside the container, in-cluding swap and hibernation files that could contain the contents of unencrypted files that were being held in memory.
- Volume encryption provides the same protec-tion as virtual disk encryption, but for a volume instead of a container.
- Volume encryption, does not provide any protection for files copied or moved from the encrypted storage to another location (either local or on the network), because they auto-matically decrypt the files as part of the copy or move process.
33
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
File/folder encryption is used on all types of end user devices in consideration of the following
- File/folder encryption protects the contents of encrypted files (including files in encrypted folders) until the user is authenticated for the files or folders.
- If single sign-on is being used, this usually means that the files are only protected until the user logs onto the device.
- If single sign-on is not being used, then protection is typically provided until the user explicitly authenticates to a file or folder.
- File/folder encryption does not provide any protection for data outside the protected files or folders, including swap and hibernation files that could contain the contents of unen-crypted files that were being held in memory.
- File/folder encryption software also cannot protect the confidentiality of filenames and other file metadata, which itself could provide valuable information to attackers (for exam-ples, files that are named by Social Security number).
Shared end user devices
– Implemented volume, virtual disk, or file/fold-er encryption on the laptop.
– Data is stored on external media, such as a flash drive or external hard drive, and uses volume, virtual disk, or file/folder encryp-tion to protect the media
– Data is stored on a remote system and give the first user access to the data through secured means (e.g., VPN).
34
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Transferring files between computers,
– Acquired and uses a flash drive with self-contained storage encryption capabilities, such as encryption software and secure key storage.
– Acquired a volume, virtual disk, or file/fold-er encryption solution that works on both PCs. Encrypted the documents using the solution and stored the encrypted data on a flash drive.
– Deployed virtual disk or file/folder encryption software to the user and contractor’s computers. Encrypt the data using the software and burn the encrypted data onto CDs or DVDs.
– Acquired USB flash drives or external hard drives that have built-in storage encryption capabilities.
– Stored the copies of the data on the encrypted drives.
Sharing data with a contractor
Acquired USB flash drives or external hard drives. Deploy virtual disk, volume, or file/folder encryption software to the user and contractor’s computers. Encrypted the data using the software and store it on the drives.
35
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Travelling with a lap-top
– Uses the laptop’s OS access control features to strictly limit where the user can save files. Implement volume, virtual disk, or file/folder encryption on the laptop to protect the user’s files.
– Implemented FDE on the laptop, and require pre-boot authentication.
– Provided the user with a loaner laptop when needed for travel. Protected the user’s sensitive data on the laptop using either of the methods described above. When the user returns from travel, wipes and rebuilds the loaner laptop to remove any traces of sensitive data from it.
36
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Authentication (MCA-Issued Devices, Non-MCA Issued Devices)
General requirements Compliance
Yes No Comment
a. MCA has carefully considered the security implications of using the same single-factor authenticator for multiple purposes. In particular, organizations should not use email passwords and other passwords sometimes transmitted. .Using a single-factor authenticator for multiple purposes significantly weakens the protection that authentication provides
b. MCA has ensured that the storage encryption authenticators are protected properly. This includes both technical mechanisms, such as encrypting passwords or storing cryptographic hashes of passwords, and operational and management mechanisms.
c. MCA has determined how the loss of authenticators (both user and administrator-level) will be handled before implementing storage encryption.
d. MCA has considered the tradeoff between availability and security when selecting and planning recovery mechanisms
37
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
APPENDIX 2: ICT Minimum Hardware Specifications
The Specifications are subject to change as technology changes
RT SURFACE TABLETDISPLAY • Resolution:1366 x 768
• Touchscreen: Multi-Touch
• Multi-Touch Display: Yes
• Diagonal Size:10.6 in
• Diagonal Size (metric):26.9 cm
• Native Resolution:1366 x 768
• Features:5-point multi-touch, ClearType HD
MISCELLANEOUS • Sensors: accelerometer, ambient light sensor, digital compass, magnetometer, three-axis gyro sensor
• Features: Expandable storage, Front camera, Rear camera, Micro HDMI, Full USB
• Color: dark titanium
Color Category: Gray
PROCESSOR • Processor: NVIDIA Tegra 3
• Clock Speed:1.3 GHz
• Number of Cores: Quad-Core
• Type: Tegra 3
• Manufacturer: NVIDIA
MEMORY • Storage:64 GB
COMMUNICATIONS Wireless Protocol: 802.11a/b/g/n, Bluetooth 4.0 EDR
CAMERA • Rear-facing Camera: 0.9 Megapixel
• HD Video Recording :720p
NETWORKING • Wireless Connectivity: Bluetooth 4.0 EDR, IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n
MULTIMEDIA • Audio:
Two microphones , stereo speakers
38
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
BATTERY • Standby Time: 168 - 360 h
• Run Time (Up To):8 sec
• Capacity: 31.5 Wh
SYSTEM • Platform: Windows
• Handheld Type: tablet
EXPANSION AND CONNECTIVITY
• - Expansion Slots:
1 x microSDXC
• - Interfaces:
1 x USB 2.0 1 x headset 1 x Micro-HDMI 1 x dock
FEATURES • Sensors:accelerometer, ambient light sensor, digital compass, magnetometer, three-axis gyro sensor
RAM • Installed Size:2 GB
FLASH MEMORY • Installed Size:64 GB
CARD READER • Slots (for SD): microSD slot
• Supported Flash Memory Cards: microSD, microSDHC, microSDXC
DIGITAL CAMERA • Cameras (for SD): rear camera + front camera
• Rear-facing Camera: Yes
• Rear-facing Camera Resolution: 0.9
• HD Video Recording: 720p
AUDIO OUTPUT • Type: stereo speakers
AUDIO INPUT • Type: two microphones
39
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
OS PROVIDED • Type: Microsoft Windows RT
POWER DEVICE • Type: power adapter
EXPANSION SLOTS • Type: microSDXC
• Total Qty: 1
INTERFACE PROVIDED
• Interface: Micro-HDMI, USB 2.0, dock, headset
• Qty:1, 1, 1, 1
PDA SOFTWARE • Type: Bing Bar, Games, Internet Explorer 10, Microsoft Office 2013 Home and Student RT Preview, SkyDrive, Video, Windows Mail and Messaging, Xbox Music
DIMENSIONS & WEIGHT
• Width: 10.8 in
• Depth: 0.4 in
• Height: 6.8 in
• Weight: 23.98 oz
SERVICE & SUPPORT
• Type:1 year warranty
SERVICE & SUPPORT DETAILS
• Type: limited warranty
• Full Contract Period:1 year
Teacher Digital Device (TDD)Feature Specifications
Weight Max 3kg fully assembled
Display Min 300 nits
Min 12”, 1280x800
Memory Min 2 GB
Storage Min 500 GB
Ruggedness Min International Protection rating of IP41
Min Drop test 50 cm
Battery Min 6 hours
Max 80 Whrs
In built battery. Removable by teacher without the use of a tool e.g. screw driver or Allen key
Processor Min 1.6GHz clock speed
40
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
I/O ports 1 x micro SD card slot
1 x microphone jack
1 x headphone jack
1 x USB port
1 x HDMI port
1 x VGA port
Keyboard In built QWERTY keyboard
Camera Min Video 720p, 1 MP
Sound In-built speaker
Networking 802.11 a/b/g/n Wi-Fi
Bluetooth
Branding/Tagging
Unique manufacturer serial number
GoK issued unique asset tag
GoK branding embedded on all sides of external casing
Colour Blue: Pantone 7460C, RGB 0.174.239 ,Hex #00AEEF
Dimensions Max 300mm x 200mm x15mm
Charging mechanism
240V 50Hz ±20%
3 pin plug with fuse and earth
Operating system
secure industry standard OS
End point security software
Antivirus and antimalware functionality
Installed Applications
HTML5 compatible browser.
cost free PDF document reader.
cost free productivity suites.
41
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Learner Digital Device (LDD)Feature Specifications
Weight Max 2kg fully assembled
Display Min 250 nits
Min 10”, 1280x800
Memory Min 1 GB
Storage Min 64 GB
Ruggedness Min International Protection rating of IP41
Min Drop test 50 cm
Battery Min 6 hours
Max 30 W hrs
Not easily removable
Processor Min 1.0 GHz clock speed
I/O ports 1 x micro SD card slot
1 x microphone jack
1 x headphone jack
1 x USB port
Keyboard QWERTY keyboard , Ruggedness
Camera Min Video 720p, 1 MP
Sound In-built speaker
Networking 802.11 a/b/g/n (Wi-Fi)
Bluetooth
Branding/Tagging
Unique manufacturer serial number
GoK issued unique asset tag
GoK branding embedded on all sides of external casing
Colour luminous green: Pantone 389C, RGB 193.217.79, CMYK 29.0.86.0, Hex #C1D94F
Dimensions Max 300mm x 200mm x15mm
Charging mechanism
240V 50Hz ±20%
3 pin plug with fuse and earth
Operating system
secure industry standard OS
Warranty Min 1 yr
End point security software
Antivirus and antimalware functionality
42
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Special Needs Education Learner Digital Device (SNELDD)Feature Specifications
Weight Max 2kg fully assembled
Display Min 250 nits
Min 14”, 1280x800
Inbuilt features to adjust screen resolution, contrast and brightness to fit learners with special needs.
Memory Min 1 GB
Storage Min 64 GB
Ruggedness Min International Protection rating of IP41
Min Drop test 50 cm
Battery Min 6 hours
Max 30 W hrs
Requires a tool in order to be removed
Processor Min 1.0 GHz clock speed
I/O ports 1 x micro SD card slot
1 x microphone jack
1 x headphone jack
1 x USB port
Keyboard Full size, in-built QWERTY keyboard
Separate number
Braille incorporated in the keyboard.
Large printed keys
Camera Min Video 720p, 1 MP
Sound In-built speaker
Networking 802.11 a/b/g/n (Wi-Fi)
Bluetooth
Branding/Tagging Unique manufacturer serial number
GoK issued unique asset tag
GoK branding embedded on all sides of external casing
Bright primary colours for learner device; identifiable but not loud
43
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Dimensions Max 300mm x 200mm x15mm
Charging mechanism 240V 50Hz ±20%
3 pin plug with fuse and earth
Operating system secure industry standard OS
Warranty Min 1 yr
End point security software
Antivirus and antimalware functionality
Accessories Adjustable over the ear earphones/headphones.
30mm Jack
15-28,000Hz
Applications Screen magnifiers
Screen readers
JAWs (Windows) NVDA linux.
Note taker- to pick up voice from the surroundings and convert to text
Webcam HD Webcam
Table Braille EmbosserFeature Specifications
Speed J100 characters per second
Printing Should support single-sided and double sided printing
Braille font 2.5 mm
Forming method 42 hammers
Tactile resolution Min 50 dpi
User interface Audio / speech feedback.
Braille panel
LED status
Sound signaling
44
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Ports Serial port
Parallel
USB
Printer drivers Drivers must be included where applicable
Power 220-240 V AC
100 W
3 pin plug
Braille dot Library of congress standard
Braille cells Min 6 cell
Paper type Min 11 x 11.5”
Paper weight Min 120- g/m traditional Braille paper (recommended)
Software Braille translation software –(Duxbury braille translator)
Firmware Required
Digital Content Server & Wireless Router (DCSWR)Feature Specifications
Storage Min 3 TB
Memory Min 2 GB
Ruggedness Min International Protection rating of IP41
Processor Min 800 MHz
I/O ports 1 x USB
1 x micro SD card slot
Power consumption Max 250 W
Battery Min 4 hrs.
LAN Min 1 x Ethernet port
Simultaneous users Min 50
WAN Technologies 2G
3G
LTE
45
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Branding/Tagging Unique manufacturer serial number
GoK issued unique asset tag
GoK branding embedded on all sides of external casing
Bright primary colours for learner device; identifiable but not loud
Operating system secure industry standard OS
Security software Antivirus and antimalware functionality
ProjectorFeature Specifications
Resolution Min XGA Display(1024x768)
Brightness Min 2500 ANSI Lumens
Contrast Ratio Min 3000:1
Input ports VGA
HDMI
Weight Max 3 Kg
Power consumption Max 300 W
Auto lamp dimming
Lamp life Min 5,000 hours
DESKTOP COMPUTER
ITEM MINIMUM REQUIREMENT
Processor & Core Logic
Intel Core i5dual core/4M/73W/processor (2.30-GHz, 2 MB L2 cache, 1066-MHz FSB) or HigherLGA 1156
System Memory Standard 4 GB, Upgradeable to at least 8 GB
Storage Subsystem At least 500 GB 7200 rpm SATA 3.0
Form Factor Micro TowerAll-in-One
Display/Graphics 17” TFT Flat panel Color LCD, Same brand as CPU1024x768(16:9), with EnergyStar rating
Optical Drives 16X Dual LayerDVD+/-RW
Keyboard and Pointing Device
1 x USB Enhanced keyboard1 x USB Optical Wheel Mouse
Audio Stereo audio system with 2 speakers
2 x Audio ports: headphone and microphone
Communication interface
Intel® 82578DM, 10/100/1000 MbpsGigabit Ethernet56K ITU V.90 data/fax modem, wake-on-ring ready
46
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
I/O interface ports 6 x High speed USB 2.0 (2 front/4 rear)
1 x 25 Pin Parallel Port
1Xrj45 jack for Ethernet
1 x External VGA-in Port
Operating System Genuine Windows® 7 Professional (64-bit) pre-installed (OEM media for OS and Drivers supplied by vendor, (with licensed CD or back up CD)
Software Latest Version, MS Office 2007 licensed with CDsLatest Version of anti-virus with licensed CDs
Power supply 220 – 240 VAC , 50/60 Hz(auto-sensing)
Warranty One (1) Year
Original detailed and highlighted Brochures MUST be submitted
LAPTOP COMPUTER
ITEM REQUIREMENT
Processor & Core Logic
Intel(R) Core(TM) i5-370M Dual Core processor (2.40GHz, 3MB L3 Cache FSB) or higher
System Memory Standard 4 GB, Upgradeable to at least 8 GB
Storage Subsystem At least 500GB 7200 rpm SATA 3.0
Optical Drives 16X 9.5mm DVD+/-RWmultiburner
Keyboard and Pointing Device
Enhanced keyboardUSB Optical Wheel Mouse
Audio Stereo audio system
combo microphone in/audio out
Communication interface
10/100 /1000 Mbs Gigabit Ethernet
802.11 a/g/n (WPA2 Enterprise-compatible)
I/O interface ports Atleast 3 USB 2.0 ports
1Xrj45 jack for Ethernet
1 x External VGA Port / HDMI port
Operating System Genuine Windows® 7 Professional 64-bit, (with licensed CD or back up CD)
Software Latest Version, MS Office 2007 licensed with CDsLatest Version of anti-virus with licensed CDs
Accessories Executive leather carry case
47
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Power subsystem Power management standard to support standby and Hibernation power saving modes6-cell 60Wh battery pack, 4 hours Batter life;1 AC Power Connector
Warranty One (1) Year
Original detailed and highlighted Brochures MUST be submitted
MAC LAPTOP COMPUTER
ITEM REQUIREMENT
Processor & data bus Intel Core i5 3.20GHz, with 4MB shared L3 cache; 1066MHz –data Bus
System Memory Standard 4GB, Upgradeable to 8 GB DDR3 SDRAM –1066MHz
Storage Subsystem 300GB – serial ATA–7200rpm hard drive, Dual Layer 16X DVD+/-RW
Power System Power management standard to support standby and Hibernation power saving modes6-cell 60Wh battery pack, 4 hours Batter life(when unplugged); 1 AC Power Connector
Display/Graphics 15.4” TFT Colour LCD, LCD display at 1440 x 900GDDR3 SDRAM 254MB
Keyboard and Pointing Device
84/85/88 Key, Built-in pointing device, 12 function keys, 4 cursor keysEmbedded numeric pad
Audio PCI 3D audio system, sound card, Built in Microphone2 external speakers same brand as laptop
Communication interface
10/100/1000 Mbps Gigabit Ethernet, RJ 45 jack, 802.11 a/g/n (WPA2 Enterprise-compatible)
I/O interface ports 1 x audio –SPDIF Input
1 X Audio – SPDIF output
1 x 9 Pin Serial Port
1 x 25 Pin Parallel Port
4 x USB Port
1 x External VGA Port
Operating System Apple Mac OS X v10.6
Accessories Carry Case, Mouse
Warranty One (1) Year
Original detailed and highlighted Brochures MUST be submitted
48
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
NOTEBOOK COMPUTERS
ITEM REQUIREMENTS
Processor and Duo core
At least 2.0 GHz Intel Pentium M L2 Cache or equivalent
System Memory
Standard 4GB SDRAM Upgradeable to 8 GB
Storage320 GB HDD
DVD-RW
Power System
Power management standard to support standby and Hibernation power saving modes
60 Wh battery Pack,
At least 4 hour Battery life (when unplugged)
Display Graphics
14” TFT Color LCD, 1024 X 768
Keyboard and pointing device
Windows Keyboard
Built-in pointing device
12 function keys, 4 cursor keys
Audio PCI 3D Audio system
Communication interface
10/100/1000 Mbps Ethernet, RJ45 jack, Built-in Wireless connectivity facility, Bluetooth Wireless Technology, Webcam
I/O Interface
4xUSB 2.0 ports
1xExternal VGA or HDMI Port
1 AC Power Connector
Operating System
MS Windows 7 Professional Installed (Include Licensed CD) ,
Software
MS Office 2007 Professional installed & Licensed (Non OEM) Include Licensed CD
Include PDF reader & writer ,DVD/CD Burning Software, Media Playing Software
Most Current Antivirus Solution with current updates
Accessories Carry Case ,power adapters, external optical mouse
Warranty 1 Year Onsite Repair & Replace
Original detailed and highlighted Brochures MUST be submitted
49
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
TABLET COMPUTER
ITEM REQUIREMENTS
Notebook Tablet series Handwriting and voice recognition enabled through MS Windows 7 Professional. Handwriting must be digitized with an industry standard WACOM digitizer
Processor and core Logic Intel® Core™2 Duo Processor L7500 (2.2GHz, 4MB, 800MHz)
Weight 1.70 kg (3.5 lb) or (4.0 lb inclusive of accessories)
System Memory Up to 4GB PC2–5300/677MHz (3GB addressable with 32-bit OS)
Storage
160 GB HDD
External (DVD-ROM/CD-ROM) - RW.
Data Security with Embedded Security Subsystem (TCG)
Secure Digital card slot for options that enable storage expansion.
Power SystemPower management standard to support standby and Hibernation power saving modes
Battery life of up to 6.3 hours on 8-cell Li-lon Battery life
Display Graphics 12.1” TFT super-wide Angle with Anti-Reflective/Anti-Glare Protective Coatings Color LCD, 1024 X 768
Keyboard and pointing device
84/85/88 Key
Built-in pointing device
12 function keys, 4 cursor keys
Embedded numeric pad
AudioPCI 3D Audio system
Built-in microphone
Communication interface
10/100Mbps Ethernet, RJ45 jack(NIC), RJ-11 Port (Modem), Bluetooth and wireless Technology
I/O Interface
3xUSB ports
1xExternal VGA Port
1 AC power
Docking station with Parallel port, male serial port, vga connector, 2 USB ports, R-J45, R-J11(telecod connector)
Operating System MS Genuine Windows 7 Professional Installed (Include Licenced CD)
MS Office 2007 Professional installed & Licensed (Non OEM) Include CD
Include PDF reader & writer and Media Playing Softwares
Antivirus Solutions with most current updates.
Accessories
Fingerprint reader,
At least a 128 MB Graphics Accelerator 900
Carrying Case, power adapter and external optical mouse
Warranty 1 Year OnSite Repair & Replace
Original detailed and highlighted Brochures MUST be submitted
50
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
WALL MOUNTED LCD PROJECTOR
ITEM REQUIREMENT
Resolution XVGA (1024x768) pixel
Display Poly-Silicon TFTx3 with micro lens army
Brightness 3000 ANSI Lumens
Contrast Ratio 500:1
Video signals NTSC, PAL,SECAM
Input Signal Format Video: NTSC, SECAM, SVGA, RGB: VGA, SVGA, And XVGA.
Output Terminal 1xRGB, 1x Audio, Pc control, Screen control, 1xS-video
Audio 2x2.5 Watt Stereo
Aspect Ratio 4:3
Zoom / Focus Digital zoom
No. of Colours 16.7 million
Lens Powered Zoom and Focus
Image Size 100cm-700cm-diagonal
Connectivity 802.11b/g wireless
100/1000 Base-TX
USB
PCMCIA
Lamp 270 watt, 1500hours
Accessories Lens Cap, carry case, Computer VGA cable, product documentation set
Remote control Wireless remote for projector with pointer, source selection power, resize, mouse functions, volume, preset
Power supply 220-240v, 50/60HZ
Warranty At least 1Year
Original detailed and highlighted Brochures MUST be submitted
51
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
PORTABLE LCD PROJECTOR
ITEM REQUIREMENT
Display Technology 3LCD
Max number of colors 16.7 Million
Projector Brightness At least 2500 ANSI Lumens
Resolution At least 1024x768 Pixels
Supported Resolution Upto SXGA
Contrast Ratio 2000:1
Projection Lamp 170W UHE-E-TORL
Zoom / Focus Digital zoom
Throw ratio 1.45-1.96:1
Aspect ratio 4:3
Locking Type Adjustable Tripod stand screen at least (2032mm*1524mm)
Rated power supply 120-240 AC, 5 0/ 60 Hz (Auto voltage)
Accessories Premium carrying case, Installation CDs & manuals
Warranty One (1) year
Original detailed and highlighted Brochures MUST be submitted
52
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
LASERJET PRINTER
ITEM REQUIREMENT
Print Quality 1200 x 1200 dpi
Print Speed and throughput
Up to 45ppm black
Print technology Laser black
Memory 1gb or higher, expandable
Memory slots 2 x100 –pin DDR DIMM
Processor Speed At least 540Mhz
First page out Less than 8 sec
Languages PCL 5e,PCL 6, Postscript 3 emulation
Media Capacity 100 multipurpose tray500-sheet input trays
1 manual feeding tray including envelopes, labels, transparencies and special mediaOutput tray up to 300 sheets
Media Sizes Letter,legal,executive,A4and A3
Media types Plain paper, envelopes, transparencies, copier, bond (60 to 200 g/m2)
Duplex printing Automatic (standard)
Connectivity IEEE-1284 compliant bi-directional parallel port and/or Universal Serial Bus (USB)
RJ 45 Ethernet port
Hard disk 20Gb
Duty cycle 200,000 per month
Network Yes (Standard)
Compatibility Smart switch printer language sensing
Linux compatible standard
PCL XL emulation standard
Software Drivers for windows server 2003/2008/2010, Windows XP/2007/’7
Warranty One year
Original detailed and highlighted Brochures MUST be submitted
53
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
COLOR LASERJET PRINTER
ITEM REQUIREMENT
Print speed, black (best quality mode)
40ppm
Print speed, black (normal quality mode)
40 ppm
First page out (black) As fast as 10 sec
First page out (color) As fast as 10 sec
Monthly duty cycle Up to 100,000 pages
Print resolution, black Up to 600 x 600 dpi
Print resolution, color Up to 600 x 600 dpi
Ink cartridges 4 (1 each black, cyan, magenta, yellow); all pre-installed
Paper tray(s), minimum 3
Memory 256MB
Duplex Printing Automatic
Processor speed At least 533MHz
Print languages, standard PCL 6, PCL 5c, postscript level 3 emulation
Maximum Input capacity Up to 1100 sheets
Connectivity High Speed USB 2.0
Two enhanced input/output (EIO slots)
Gigabit Ethernet Print Server
Compatible operating systems Macintosh, Windows XP Professional; Windows 7); Windows Server 2003 (32/64 bit); Mac OS X v 10.2 or higher; Linux
Software included Print drivers and installation software on CD-ROM, PCL6, PostScript Level 3 emulation
Warranty One (1) Year
Original detailed and highlighted Brochures MUST be submitted
54
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
PRODUCTION SCANNER
ITEM REQUIREMENTS
Recommended Daily Volume
Unlimited
Throughput Speeds*
Up to 200 pages per minute/800 images per minute (Throughput speeds may vary depending on your choice of driver, application software, operating system and PC.)
*(200 dpi landscape, letter-size document)
Scanning Technology
Dual Tricolor Plus CCD; Grayscale output bit depth is 256 levels (8-bit); Color capture bit depth is 40-bit (10 bits per red, green, blue and black channels); Color output bit depth is 24-bit
Optical resolution
600 dpi
Illumination Dual Xenon lamps per side, mercury-free
Output resolution
Black and white: 200/240/300/400 dpi; Color/grayscale: 100/150/200/240/300 dpi
Maximum Document Size
305 mm x 863 mm (12 in. x 34 in.)
Minimum Document Size
64 mm x 64 mm (2.5 in. x 2.5 in.)
Paper Thickness and Weight
With standard feeder: 45 g/m² (12 lb) bond to 200 g/m² (110lb) index; With ultra-lightweight feeder: 25 g/m² (7 lb) rice paper to 75 g/m² (20 lb) bond
Feeder 500-sheet
Multi-feed Detection
Multi-feed detection with ultrasonic technology; three ultrasonic sensors that can work together or independently
Connectivity IEEE-1394 (FireWire) interface, 6-pin connector; IEEE-1394 card and cable included
Interface Support
TWAIN and ISIS Drivers (included); KODAK Capture Software
Color Touch Screen Control
Operator control via color LCD touch screen
Ergonomic Height Adjustment
Integrated height adjustment span of 25 cm (10 in.) for seated or standing operation
Imaging Features
Perfect Page Scanning, iThresholding, autocrop, aggressive crop, deskew, image rotation, electronic color dropout, dual stream scanning, halftone removal, noise removal, zone processing, toggle patch, automatic color detection, automatic orientation
On-board Compression
CCITT Group IV, JPEG or uncompressed output
55
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
File Format Outputs
JPEG (for color and grayscale images); TIFF (for black and white images)
Image Address Multi-level indexing/batching capabilities
Patch Readers Four permanently mounted patch readers that can work together or independently
Imprinting Front pre-scan or rear post-scan imprinting; optional hi-res imprinter available
Electrical Requirements
100-130 VAC, 50/60 Hz, 7 A; 200-240 VAC, 50/60 Hz, 3.5 A
Minimum PC Configuration
Pentium 4 2.4 GHz processor with 512 MB RAM
Supported Operating Systems
WINDOWS XP Pro (32bit only) WINDOWS Vista (32 and 64 bit) WINDOWS 7 (32 and 64 bit)
Original detailed and highlighted Brochures MUST be submitted
DEPARTMENTAL SCANNER
ITEM REQUIREMENTS
Recommended Daily Volume
Up to 9,000 pages per day
Throughput Speeds* Up to 45 pages per minute/90 images per minute *(200 dpi, landscape, letter size, black and white/grayscale/color)
Scanning Technology dual CCD Grayscale output bit depth is 256 levels (8-bit) Color capture bit depth is 48 bits (16 x 3) Color output bit depth is 24 bits (8 x 3)
Output resolution 75, 100, 150, 200, 240, 300, 400, 600 and 1200 dpi
Maximum Document Size
297 mm x 863 mm (11.7 in. x 34 in.)
Minimum Document Size
64 mm x 89 mm (2.5 in. x 3.5 in.)
Paper Thickness and Weight
34–413 g/m² (9–110 lb.) paper
Feeder Up to 150 sheets of 60 g/m² (16 lb.) paper
Multi-feed Detection With ultrasonic technology
Connectivity USB 2.0
Bundled Software TWAIN, ISIS, SANE and Windows Imaging Architecture Drivers, KODAK Capture Desktop Software and Smart Touch
56
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Imaging Features Perfect Page Scanning; Thresholding; adaptive threshold processing; deskew; autocrop; relative cropping; aggressive cropping; electronic color dropout; dual stream scanning; interactive color, brightness and contrast adjustment; automatic orientation, automatic color detection, background color smoothing
File Format Outputs Single and multi-page TIFF, JPEG, RTF, PDF, searchable PDFAccessories KODAK Imaging Guide Wiper Accessory
Optional A4 black imaging background accessory
Electrical Requirements
100-240 V (International); 50/60 Hz; universal power supply included
Recommended PC Configuration
For documents up to 356 mm (14 in.) long at 400 dpi: Pentium 4, 3.2 GHz processor, 512 MB RAM; For documents up to 660 mm (26 in.) long at 400 dpi: Pentium 4, 3.2 GHz processor, 1 GB RAM; For longer documents/higher resolutions: Pentium 4, 3.2 GHz processor, 3 GB RAM
Supported Operating Systems
Windows 7 (32-bit and 64-bit) Windows XP SP2 (32-bit ) Windows XP x64 Edition SP2 Windows 2000 Professional SP4 Windows Vista SP1 (32-bit and 64-bit) Windows 2003 Server x64 Edition LINUX Ubuntu 6.06, Fedora 8, and SUSE 10.1
Consumables Available Feed module, separation module, feed rollers, roller cleaning pads, Staticide Wipes, image guides, pre-separation pad
Original detailed and highlighted Brochures MUST be submitted
WORKGROUP SCANNER
ITEM REQUIREMENTS
Recommended Daily Volume
Up to 3,000 pages per day
Scanning Technology
Single CCD; i1220 Plus: Dual CCD; Grayscale output bit depth is 256 levels (8 bits); Color capture bit depth is 48 bits (16 x 3); Color output bit depth is 24 bits (8 x 3)
Throughput Speeds (portrait, letter size)
Bitonal/grayscale: Up to 45 pages per minute at 200 dpi Color: Up to 30 pages per minute at 200 dpi and 300 dpi
(Throughput speeds may vary depending on your choice of driver, application software, operating system and PC.)
Optical resolution
600 dpi (1200 dpi A4 flatbed accessory)
Illumination Dual fluorescent (cold cathode)
Output resolution
75, 100, 150, 200, 240, 300, 400, 600 and 1200 dpi
57
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Max./Min. Document Size
215 mm x 863 mm (8.5 in. x 34 in.)/50 mm x 63.5 mm (2 in. x 2.5 in.)
Paper Thickness and Weight
34-413 g/m² (9-110 lb.) paper; ID card thickness: up to 1.25 mm (0.05 in.)
Feeder Up to 75 sheets of 75 g/m² (20 lb.) paper Handles small documents, such as ID cards, embossed cards and insurance cards
Multi-feed Detection
With ultrasonic technology
Connectivity USB 2.0 (cable included)
Bundled Software
TWAIN, ISIS, WIA Drivers; KODAK Capture Desktop Software, Smart Touch; Nuance ScanSoft PaperPort and OmniPage.
Imaging Features
Perfect Page Scanning; iThresholding; adaptive threshold processing; deskew; autocrop; relative cropping; aggressive cropping; electronic color dropout; dual stream scanning; interactive color, brightness and contrast adjustment; automatic orientation; automatic color detection; background color smoothing; image edge fill; image merge; content based blank page detection; streak filtering; image hole fill; sharpness filter
File Format Outputs
Single and multi-page TIFF, JPEG, RTF, BMP, PDF, searchable PDF
Recommended PC Configuration
For documents up to 660 mm (26 in.) long at 400 dpi: Intel Core2, 2 GHz Duo Processor or equivalent, 2 GB RAM. For longer documents/higher resolutions: Intel Core2, 2 GHz Duo Processor or equivalent, 4 GB RAM. Note: for optimal performance when using a PC running the Windows 7 operating system, at least 3 GB RAM is recommended.
Supported Operating Systems
Windows XP SP2 and SP3 (32-bit), Windows XP x64 edition SP2, Windows Vista SP1 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), Windows 2003 Server and 2008 Server x64 Editions, Linux Ubuntu 8.04, Fedora 9, SUSE 11
Original detailed and highlighted Brochures MUST be submitted
SMALL OFFICE PHOTOCOPIER
ITEM REQUIREMENTS
Copying technology
Laser
Duplex copying Two-sided copying Automatic
Input: Output support
1-1, 1-2, 2-1, 2-2
Copying Speed 20cpm
Copy Resolution 600 x 600 dpi
58
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Minimum Memory / RAM Installed
256 MB
Communication Mode
Duplex
Interfaces USB 2.0 Parallel Port IEEE 1284,(USB cable included);
Display/ Operation
Touch screen panel
Trays 3 paper trays including the bypass tray; Automatic Document Feeder
Media Type Papers, envelops, transparencies
Document Feeder Capacity
50 sheets
Standard Tray 250 sheets
Optional Tray 250 sheets
Bypass Tray 100 sheets
Output Tray 250 sheets facedown
Auto Tray Switching
Capable
Media Sizes Document glass and maximum paper size is legal (8.5 x 14 inches);
Monthly Duty Cycle
Maximum 20,000 pages per month.
Power 220-240 VAC 50/60 Hz
Power Saver Mode
50/60 watts
Warm up time 30 Seconds max
First copy out time
8 seconds or less
Toner type Customer replaceable
Toner Control method
Automatic Toner Density monitoring
Finishing options
Multiposition stapling, fit to new paper size, booklet creation
Document scanner
ADF (full duplex)
Zoom range 25-400% in 1% increments
Other features Secure print, Delay print, Watermark, Power save mode
Warranty 1 year
Original detailed and highlighted Brochures MUST be submitted
59
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
MEDIUM OFFICE PHOTOCOPIER
ITEM REQUIREMENTS
Copying / Print technology Laser
Duplex copying/printing Two-sided copying Automatic
Input: Output support 1-1, 1-2, 2-1, 2-2.
Copying Speed 30 cpm
Multiple copying Up to 999 copies
Copy Resolution up to 1200 x 1200dpi
Memory 512MB expandable to 1024
Hard drive 40GB
Communication Mode Duplex
Interfaces USB 2.0 Parallel Port IEEE 1284,(USB cable included);
Trays 3 paper trays including the bypass tray
Media Feed Include Duplex unit, Automatic media feeder;
Document Feeder Capacity 75 sheets
Output Tray 250 Sheets
Standard Tray 500 Sheets
Optional paper supply 500 Sheets
By pass Tray 100 Sheets
Auto Tray Switching Capable
Media Sizes Document glass and maximum paper size is legal (11 x 17 inches); Automatic media feed.
Media type Paper, Envelopes, labels, cards
Monthly Duty cycle Maximum 100,000 ppm.
Display/ Operation Touch screen panel
Power 220-240 VAC 50/60 Hz; consumption 1340 w (max)
Power Saver Mode 35 watts
Warm up time 30 Seconds max
First copy out time 5 seconds or less
Toner Control method Automatic Toner Density monitoring
Toner Customer Replaceable
Finishing options Multi-position stapling, fit to new paper size, Hole punch, booklet creation
Document scanner ADF (full duplex)
Output capacity 250 Sheet face down
Zoom range 25-400% in 1% step
Other features Secure print, Delay print, Watermark
Warranty 1 year
Original detailed and highlighted Brochures MUST be submitted
60
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
LARGE OFFICE PHOTOCOPIER
ITEM REQUIREMENTS
Copying / Print technology Laser
Duplex copying/printing Two-sided copying Automatic (standard)
Copying Speed 45cpm
Copy Resolution Up to 2400 x 600 dpi /4800 x 600 dpi interpolated output
Memory / RAM Installed ( Min ) 2GB
Hard drive Capacity 60GB
Communication Mode Duplex
Interfaces USB 2.0 Parallel Port IEEE 1284,(USB cable included);
Trays 3 paper trays including the bypass tray.
Multiple Copying Up to 9999 copies
Media Feed Include Duplex Automatic media feed tray;
Input: output support 1-1, 1-2, 2-1, 2-2.
Document Feeder Capacity 100 sheets
Output Tray Capacity 500 Sheets
Standard Tray 550 sheets
Optional paper supply 550 Sheets
Bypass Tray 100 sheets
Auto Tray Switching Capable
Media Sizes Document glass and maximum paper size is legal (11x 17 inches); Automatic media feed
Media type Paper, Envelopes, labels, cards
Display /Operations Touch screen
Monthly Duty Cycle Maximum 200,000 pages per month.
Power 220-240 VAC 50/60 Hz
Power Saver Mode 50/60 watts
Warm up time 30 Seconds max
First copy out time 4 seconds or less
Toner Control method Automatic Toner Density monitoring
Original Maximum A3
Finishing options Multi-position stapling, fit to new paper size, hole punch, booklet creation
Document scanner ADF (full duplex)
Output capacity 250 Sheet face down
Zoom range 25-400% in 1% step
Other features Secure print, Delay print, Watermark
Warranty 1 year
Original detailed and highlighted Brochures MUST be submitted
61
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
DSLR DIGITAL CAMERA
ITEM REQUIREMENTS
Resolution 14.1 Megapixels
sensor type CMOS
Image Stabilization Standard
Image Resolution 4320 x 3240
Minimum Shutter speed 60 sec
Minimum continuous shooting speed 3.5 frames per second
Video capture 1280 x 720; 640 x 480 ; 320 x 240
Maximum Frame Rate 30 fps
Digital Video Format MOV, AVI, MPEG-4,MJPEG, H.264
Still image format JPEG, RAW,RAW+JPEG
Lens type Lens mountable
Minimum Lens 18-55mm
optical zoom 10X
Minimum Field of view 1.5
View Finder LCD
Display resolution 920,000
Light Sensitivity 6400 ISO
Expandable Memory Type: MS Duo / MS PRO Duo / SD / SDHC/SDXC/MMC
Exposure Modes Programmable, automatic
Battery: Li-ion rechargeable battery
Power Device Battery charger external
Connector type USB, Composite video/audio
Battery Life 300 shots
Face detection Standard
Shooting modesauto, portrait, landscape, night, close-up, snapshot, flash off, indoor , low light, movie
Self – Timer 2 Sec/10 Sec
Flash type Auto
Flash Mode Flash On/off, red eye reducer, auto
Sound Built in Microphone and speakers
AccessoriesRechargeable Li-ion Battery, Battery Charger, Remote Control, USB Cable, Audio/Video Cable, case and strap
Focus Mode Automatic, Manual
White balance Custom, automatic, presets
Firmware User upgradable
SoftwareWindows XP/ Windows Vista/ Windows 7/Mac/ Linux compatible image viewing software
Warranty 1 year
Original detailed and highlighted Brochures MUST be submitted
62
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
COMPACT DIGITAL CAMERA
ITEM REQUIREMENTS
Resolution 14.1 Megapixels
sensor type CCD
Pixel Density 24 MP/cm²
Still image format JPEG
Image Stabilization Optical/lens
Image Resolution 4320 x 3240
Minimum Shutter speed 60 sec
Video capture 1280 x 720; 640 x 480 ; 320 x 240
Maximum Frame Rate 30 fps
Digital Video Format MOV, AVI, MPEG-4,MJPEG
Optical zoom 10 x
Minimum wide angle zoom 25mm
View Finder LCD
Display Resolution 460,000
Light Sensitivity 3200 ISO
Built in Memory 40MB
Expandable Memory Type: MS Duo / MS PRO Duo / SD / SDHC/SDXC/MMC
Exposure Modes Programmable, automatic
Battery: Li-ion rechargeable battery
Power Device Battery charger external
Connector type USB, Composite video/audio
Battery Life 300 shots
Operating system compatibility Linux, Windows XP, Windows 7
Face detection Standard
Shooting modes auto, portrait, night snapshot, indoor and low light,
Self – Timer 2 Sec/10 Sec
Flash type Built-in;
Flash Mode Flash On/off, red eye reducer, auto
Sound Microphone and speakers built in
Accessories Rechargeable Li-ion Battery, Battery Charger, Remote Control, USB Cable, Audio/Video Cable, case and strap
Lens type Built in
White balance Custom, automatic, presets
Warranty 1 year
Original detailed and highlighted Brochures MUST be submitted
63
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
PROFESSIONAL DIGITAL CAMCORDER
ITEM REQUIREMENTS
Image Sensor CMOS/ 3M0S
Image Sensor size 1/4 in
Minimum Filter Diameter 40 mm
Total minimum pixels 8 MP
Minimum Digital Zoom 200 X
Optical Zoom 10 X
Min Focal Length 40 mm (35 mm equivalent)
Minimum Shutter Speed 1/30 (Auto slow shutter On); 1/60(Auto slow shutter Off)
Image Stabilization Optical
Audio Support 5.1 Surround Sound, AC-3 (2 channels)
Video Capture Format HDV ,MPEG-2, MPEG-4, AVC/H.264 (HD Compliant)
Maximum Video Capture Resolution
1440 x 1080
Display type LCD
Display resolution 200,000 pixels
Video Broadcast Standard NTSC
Video signal 1080/60i
Recording Media Memory Stick Duo, Memory Stick PRO Duo, Sony Memory Stick Image Capture (SD/SDHC/SDXC), High Definition Mini DV (recommended) ,MiniDV cassette
Flash Accessory Shoe, Red-Eye Reduction
Still Camera resolution 10MP
Image Format JPEG
White Balance Auto, outdoor, indoor, daylight, sunny, shade, cloudy, manual
Exposure Settings Auto Exposure, Manual Exposure
Internal Memory type Hard drive/Flash Memory
Minimum Internal Memory 32 GB
Included ComponentsAC Adapter, Battery, Battery Recharger, Cables - A/V (RCA Composite), Cables - Component Video, Cables - USB, Docking / Cradle Stand, Remote, software CD/DVD Rom, Carrying case
Interface ConnectionSD output, HD output , headphones, A/V Output, Component Video, HDMI, LANC Terminal, Microphone, Proprietary, S-Video, USB2.0 - Universal Serial Bus
Additional FeaturesBacklight Compensation, Built-in Light, Built-in Speaker, Fader Function, PictBridge Support, Touch Screen, Viewfinder Power
Focus Features Auto Focus, Face Recognition Auto Focus, Manual Focus, Spot Focus
Power requirement 7.2 V(Battery)
Power Source AC Adaptor, Lithium-Ion Battery
Focus Auto/Manual
Iris Auto/Manual
Warranty 1 Year Limited Warranty
Original detailed and highlighted Brochures MUST be submitted
64
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
STANDARD USER DIGITAL CAMCORDER
ITEM REQUIREMENTS
Image Sensor CMOS
Image sensor size 1/8 in
Minimum Filter Diameter 40 mm
Total minimum pixels 10 MP
Minimum Digital Zoom 100 X
Optical Zoom 12 X
Min Focal Length 40 mm (35 mm equivalent)
Minimum Shutter Speed 1/30 (Auto slow shutter On); 1/60(Auto slow shutter Off)
Image Stabilization Optical
Audio Support Stereo
Video Capture Format MPEG-2, H.264/AVC
Maximum Video Capture Resolution 1920 x 1080
Display type LCD
Display resolution 200,000 pixels
Video Broadcast Standard NTSC
Recording Media Memory Stick Duo, Memory Stick PRO Duo, Sony Memory Stick Image Capture (SD/SDHC/SDXC), ,MiniDV cassette
Flash Accessory Shoe, Red-Eye Reduction
Still Camera resolution 10MP
Still Image Format JPEG
White Balance Auto,outdoor, indoor, daylight, sunny, shade, cloudy, manual
Exposure Settings Auto Exposure, Manual Exposure
Internal Memory type Hard drive/Flash Memory
Minimum Internal Memory 32 GB
Included ComponentsAC Adapter, Battery, Battery Recharger, Cables - A/V (RCA Composite), Cables - Component Video, Cables - USB, Docking / Cradle Stand, Remote, software CD/DVD Rom, Carrying case
Interface Connection A/V Output, Component Video, LANC Terminal, Microphone, Proprietary, S-Video, USB - Universal Serial Bus 2.0
Additional Features Backlight Compensation, Built-in Light, Built-in Speaker, Fader Function, PictBridge Support, Touch Screen, Viewfinder Power
Focus Features Auto Focus, Face Recognition Auto Focus, Manual Focus, Spot Focus
Power Source AC Adaptor DC Input, Lithium-Ion Battery
Focus Auto/Manual
Iris Auto/Manual
Warranty 1 Year Limited Warranty
Original detailed and highlighted Brochures MUST be submitted
65
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
STANDARD USER DIGITAL DVD CAMCORDER
ITEM REQUIREMENTS
Image Sensor CMOS/CCD
Image sensor size 1/6 in
Minimum Filter Diameter 30 mm
Total minimum pixels 10 MP
Minimum Digital Zoom 100 X
Optical Zoom 12 X
Min Focal Length 40 mm (35 mm equivalent)
Minimum Shutter Speed 1/30 (Auto slow shutter On); 1/60(Auto slow shutter Off)
Image Stabilization Optical
Audio Support Stereo
Video Capture Format MPEG-2, H.264/AVC
Maximum Video Capture Resolution 1920 x 1080
Display type LCD
Display resolution 123,000 pixels
Video Broadcast Standard NTSC
Recording Media DVD/ Flash Media
DVD Type DVD-R/-RW/-R DL
Flash Accessory Shoe, Red-Eye Reduction
Still Camera resolution 10MP
Still Image Format JPEG
White Balance Auto, outdoor, indoor, daylight, sunny, shade, cloudy, manual
Exposure Settings Auto Exposure, Manual Exposure
Internal Memory type Flash Memory
Included ComponentsAC Adapter, Battery, Battery Recharger, Cables - A/V (RCA Composite), Cables - Component Video, Cables - USB, Docking / Cradle Stand, Remote, software CD/DVD Rom, Carrying case
Interface Connection A/V Output, Component Video, LANC Terminal, Microphone, Proprietary, S-Video, USB - Universal Serial Bus 2.0
Additional Features Backlight Compensation, Built-in Light, Built-in Speaker, Fader Function, PictBridge Support, Touch Screen, Viewfinder Power
Focus Features Auto Focus, Face Recognition Auto Focus, Manual Focus, Spot Focus
Power Source AC Adaptor DC Input, Lithium-Ion Battery
Focus Auto/Manual
Iris Auto/Manual
Warranty 1 Year Limited Warranty
Original detailed and highlighted Brochures MUST be submitted
66
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
DISK DUPLICATOR
ITEM REQUIREMENTS
Operating type Stand alone
Max Writing speed DVD-R: 24X DVD-RW: 8X DVD-R DL: 10X DVD+R: 24X DVD+RW: 8X DVD+R DL 10X CD-R: 52X CD-RW: 52X
Supporting DiscsDVD-ROM DVD-R DVD-Video DVD-RW DVD+R DVD+RW CD-ROM CD-R CD-Audio Disc CD-RW Multi-session Photo CD CD-I Video CD CD-ROM XA & CD Extra (CD Plus), Blu Ray
Supported Recording Discs
12cm 4.7GB DVD-R/RW 12cm 4.7GB DVD+R/RW 12cm 8.5GB DVD+R DL 12cm 8.5GB DVD-R DL 12cm 80min/700MB CD-R 12cm 74min/650MB CD-RW 8cm 1.47GB mini DVD-R 8cm 24min/210MB mini CD-R 8cm 50MB Business Card CD-R, Blu-ray
Display LCD
Hard drive 250GB
Hard drive partitioning Continuous
Buffer Memory 128MB
Connectivity USB 2.0 and Network connectivity
Firmware upgradeable Yes
Security User account management
DVD format conversionConvert media between DVD+R/RW and DVD-R/RW automatically
Auto counter Yes
Labeling Laser labeling technology
Warranty 1 year
Original detailed and highlighted Brochures MUST be submitted
67
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
DIGITAL VIDEO CAMERAITEM REQUIREMENTS
Optical sensor size 1/3 in
Optical sensor type CMOS
Min illumination 7 lux
Image stabilizer Optical
Min shutter speed 1/4 sec
Shooting modes Digital photo mode
White balance Custom, Presets, Automatic
White balance presets Auto, Indoor, Outdoor, Manual
Lens aperture F/1.8-2.1
Optical zoom 12 x
Lens system type Zoom lens
Min focal length 5.1 mm
Auto focus TTL contrast detection
Filter size 37 mm
Manual focus Manual, Automatic
Zoom adjustment Manual, Motorized drive
Media type Mini DV (HDV) PAL
Image storage JPEG 1920 x 1440, JPEG 1440 x 1080, JPEG 1920 x 1080, JPEG 640 x 480
Flash memory 16 MB – Memory Stick Duo
Recording speed SP
Display type LCD display – TFT active matrix
Display form factor Rotating
Display resolution 123,200 pixels
Audio input type Microphone
Microphone type Built-in
Microphone operation mode Stereo
Connections1 x Component video output, 1 x Composite video/audio output, 1 x S-Video output, 1 x Headphones, 1 x Audio input, 1 x Control-L (LANC), 1 x USB, 1 x DC power input
Cables included A/V cable, Component video cable, USB cable
Video input featuresBuilt-in speaker, Histogram display, Backlight compensation, RGB primary color filter, Analog to digital conversion with pass through Remote control Remote control – Infrared
Included accessories Lens cap, Lens hood, Camcorder shoulder strap, Memory Stick Duo adapter,
Power External power adaptor 240v, Lithium rechargeable battery pack, charger
Warranty 1 Year
Original detailed and highlighted Brochures MUST be submitted
68
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
VIDEO RECORDING PRESENTER WITH LASER POINTER
ITEM SPECIFICATIONS
Technical features 4-in-1 Product - Product functions as a• PowerPoint presenter • with laser pointer, • integrated voice recorder and • SD memory card reader
Storage Built-in SD memory card reader and SD Card Storage - Allows recording of presentations, meetings or notes and save to a SD card in .wav format;
Wireless 2.4GHz wireless technology that provides up to a 50-foot (15m) working range for full control of the presentation from anywhere in the room
Stow-n-go® receiver
USB receiver that can be stored conveniently inside presenter for easier storage and travel
Carrying case Carrying case with extra storage compartment for 2 spare AAA batteries
Led status indicators
SD card memory full, low battery power and laser beamcurrently in useIndicator lights to notify user of any status changes, so there are no unexpected surprises during an important presentation
System requirements/compatibility
Windows 7, USB port,SD memory card
Communication interface USB Port
Convenience Easily record any presentation questions with the click of a button
Weight 55 g
Battery 2 AAA batteries and 2 spare AAA batteries
Functions on the presenter
Scroll wheel provides for navigation through presentations; Other buttons include: On/off, Next/previous page, dark screen/resume, application switch, slideshow/ESC and volume control
Warranty 2 years
Original detailed and highlighted Brochures MUST be submitted
69
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
WIRELESS INTERNET MODEM
ITEM SPECIFICATIONS
Main features
• Micro SD Memory Slot, so can act as a Memory stick. (up to 4GB)
• Able to add external Antenna incase signal not enough strong.
• Smaller and more compact.
• Stable and Reliable.
• Compatible with Windows 7 operating systems and MacOS.
• Zero CD Technology: No CD Requires, Auto plug and play. Simple and easy.
Technical standard
HSDPA/UMTS: 3GPP R99, R5 GSM/GPRS/EDGE: 3GPP R99
Operating frequency
HSDPA/UMTS 2100MHz GSM/GPRS/EDGE 850/900/1800/1900MHz
Support speed Maximum download speed : 3600 kbps Maximum upload speed : 384 kbps
External interface
Mini USB interface: supporting USB 2.0 Full Speed
Antenna: Internal antenna External Antenna Slot: Able add external antenna.
With Extra Micro SD Memory Slot (up to 4GB).
SIM/USIM card: standard 6 PIN SIM card interface
Dimensions 70.1 mm (D) x 25.7 mm (W) x 11.6 mm (H)
Usb Auto plug and play
Weight < 50g
Led indicator - Green Light You are connected to the GPRS/EDGE network (fast) - Blue Light You are connected to the 3G network (faster) - Cyan Light You are connected to the HSDPA or Turbo network (fastest)
Warranty One Year
Original detailed and highlighted Brochures MUST be submitted
70
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
DIGITAL LCD DISPLAY PANEL
ITEM SPECIFICATIONS
Picture/display
Aspect ratio 16:9
Size Between 47”
Brightness
500 CD/M2
Total Input-Line: 4 ,Total Input-Terminal: 4
Contrast ratio 1600: 1 Dynamic Contrast Ratio,
Display screen LCD WXGA Active Matrix TFT
Screen enhancement
Anti Reflection Coated Screen
Viewing angle Horizontal: 178°, Vertical: 178° Degrees
Audio power output
14W Total (7Wx2 Digital AMP)
Inputs and Outputs Specifications
Analog Audio Input(s) -Pinjack (x2), Analog Audio Output(s)-Pinjack (x2), Composite Video Output(s) - BNC (x1) Loop ThroughDual Option Slot-1.8 Slot, Ethernet Connection(s), HD Component Video Input(s) RGB/COMPONENT IN: HD D-sub 15-pin female (x1)HD Component Video Output(s) RGB/COMPONENT Out: HD D-sub 15-pin female (x1)HDMI™ Connection(s) Available through Option Card BKM-FW15PC Audio Input(s), RS232 Control- D-sub 9-pin (x1)S-Video Input(s) Mini DIN 4-pin (x1): when S-Video is used, Composite Video is inactiveVideo In (BNC) (x1): when Video is used, S-Video is inactive
Video Specifications Format(s) Supported
NTSC/PAL/PAL-M/PAL-N/NTSC4.43/PAL60Viewing Angle
Display Technology 8 msPicture Mode Custom, Vivid, Standard, Conference, DICOM
Display RESPONSE TIME
8MS
Panel resolution 1920 x 1080 Display Resolution
Sound Virtual Surround sound
Stereo sound Output
Remote Control LAN / RS232 Available
Digital Inputs Specifications
DVI-D, HDSDI (SMPTE 292M) , No (Available through Option Card BKM-FW16)
71
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Power Specifications
Internal Power Supply YesPower Consumption (in Operation) Approx 320WPower Requirements AC 100-240V, 50/60Hz
HDMI™ Technology
No (Available through Option Card BKM-FW15)
Multiple Language Display
English, French, Spanish, Italian, German, Japanese, Dutch, Swedish, Russian, Chinese
On-Screen DisplayPicture and Picture
Yes
Yes
VGA in SUB 15 HD
Convenience Specifications
Cable Management System, Wall/Arm Mount
Mount Design Landscape, Portrait Auto sensing Logo illumination
Remote Control Multi-Function Remote
Operating Conditions Specifications
Color Temperature Control -Cool, Neutral, Warm
Colors -1.06 Billion Colors
Operating Humidity -20% to 90%, non condensing
Operating Temperature -32° to 95°F (0° to 35°C)
Screen Treatment -Anti-Glare, Anti-Reflective
PC Connection PC : Computer display with support for resolutions up to 1920 x 1080 through HDMI and VGA
SPEAKERS Mounted speakers with sound audio processor, making theater-quality audio
Warranty 3 years parts, 3 years labor, 1 year panel
Original detailed and highlighted Brochures MUST be submitted
72
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
MULTIPURPOSE PHOTOCOPIER (4 in one)
ITEM REQUIREMENTS
Printing specifications
Functions
All-in-one functions Print, copy, Scan and Fax
Multitasking capability Yes
Print quality technology
Print technology Laserjet
Print speed, black (normal quality mode) Up to 40 ppm
Print speed, color (normal quality mode) Up to 40 ppm
First page out (black) As fast as 11.5 sec
First page out (color) As fast as 11.5 sec
Monthly duty cycle Up to 200,000 pages
Recommended monthly print volume 8,000 to 17,000 pages
Print resolution, black Up to 1200 x 600 dpi
Print resolution, color Up to 1200 x 600 dpi
Memory 512 MB
Processor speed 835 MHz
Paper handling
Paper handling optional, input1 x 500 Feeder Stand, 3 x 500 feeder stand-one or the other of these should be present with each unit.
Paper handling optional, outputTray 1 and a Cassette Tray 2 and 3 (Tray 1 holds 100 sheets, Tray 2 and 3 holds 500 sheets each) F Bundle includes and additional 2 x 500 sheet input trays (trays 4 and 5)
Paper handling standard, output 500-sheet face down output bin
Envelope capacity Up to 10 envelopes
Duplex printing Automatic
Document finishingSheetfeed simplex or duplexed face down to standard output bin; Optional devices handle Stacking, Stapling and Booklet making
Media sizes, standard
Multipurpose tray 1: letter, letter-R, legal, executive, statement, 8.5 x 13 in, 11 x 17 in, 12 x 18 in, index cards (4 x 6, 5 x 8), envelopes (No. 9, 10, Monarch); Input tray 2: letter, letter-R, legal, executive, 8.5 x 13 in, 11 x 17 in; Input trays 3, 4, and 5: letter, letter-R, legal, executive, 8.5 x 13 in, 11 x 17 in, 12 x 18 in
73
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Media sizes, customMultipurpose tray 1: 4 x 5.5 to 12.6 x 18 in; Tray 2: 5.8 x 8.3 to 11.7 x 17 in; Trays 3, 4, 5:: 5.8 x 8.3 to 12.6 x 18 in
Media typesPaper (bond, recycled, glossy, mid-weight, heavy, heavy glossy, extra heavy, extra heavy glossy, rough, tough), transparencies, labels, envelopes, cardstock, user-defined
Scanner specifications
Scanner type Flatbed, ADF
Scan resolution, optical Up to 600 dpi
Scan size, maximum (flatbed) 11.7 x 17 In
Scan size, maximum (ADF) 11.7 x 17 In
Scan speed (default) Up to 40 ppm (mono letter simplex); up to 38 ppm (mono A4 simplex); up to 41 ppm (mono A3 simplex) up to 16 ppm (mono letter duplex); up to 15 ppm (mono A4 duplex); up to 16 ppm (mono A3 duplex)
Scanner features Yes
Automatic paper sensor Yes
Supported file formats PDF, JPEG, TIFF, or MTIFF
Copier specifications
Copy resolution, black Up to 600 x 600 dpi
Copy resolution, color Up to 600 x 600 dpi
Copy reduce/enlarge settings 25 to 400%
Maximum number of copies Up to 999 copies
Fax specifications
Faxing Yes
Fax transmission speed (seconds per page)
13 sec per page
Fax resolution, black (dots per inch)
Up to 300 x 300 dpi ( Recv can support 400x400)
Speed dials, maximum number 100 speed dials and 100 numbers per speed dial.
Auto redial Yes
Fax delayed sending No
Fax broadcast 100 Locations
Junk fax barrier Up to Blocked 20 fax numbers
Polling No
Remote retrieval No
Fax forwarding Yes
Warranty I year
Connectivity
74
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Connectivity, standard1 Hi-Speed USB 2.0, 1 built-in wired Ethernet, 1 PictBridge, 1 built-in wireless 802.11b/g
Connectivity, optional HP bt300 Bluetooth Wireless Printer Adaptor Q3395A
Macintosh compatible Yes
Print drivers, standard HP PCL 3 GUI
Compatible operating systems
Microsoft Windows 7, Windows XP Professiona, Mac OS X v10.2.8, 10.3, 10.4, 10.5, 10.6, Linux
Warranty 1 year
Original detailed and highlighted Brochures MUST be submitted
EXTERNAL HARDDISK
ITEM REQUIREMENTS
Capacity 500 GB
Hard Disk Spindle Speed 7200 rpm
Cache 2 MB
Hard disk Interface FireWire 800, FireWire 400 and USB 2.0
Data Transfer Rate 480 MB/s
Seek time 14 ms
Compatible operating systemsWindows XP, Windows Vista, Windows 7/ windows 8.1 and Mac OS 9.x / 10.1 or higher
Power Source USB bus and FireWire bus
Power Requirements 100 - 240 VAC
Warranty 1 year
Original detailed and highlighted Brochures MUST be submitted
FLASH DISK
ITEM REQUIREMENTS
Capacity 4 GB
Rotational Speed 4200 rpm
Cache 2 MB
Interface ATA 100, Zer Insertin Frce (ZIF) cnnectr / USB 2.0
Max. External Transfer Rate
100 MB/s
SEEK TIME
Track t Track 3 ms
Average 15 ms
75
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Maximum 26 ms
SHCK
Perating 500G @ 2ms
Nn-perating 1500G @ 1ms
Original detailed and highlighted Brochures MUST be submitted
INTERNAL SERVER HARDDISK
Performance-optimized high-capacity storage for high-intensity applications.
High-performance, high-capacity storage for mid-intensity applications.
The maximum capacity energy-efficient cold storage HDD.
Designed For Datacenter storage, high-end NAS/SAN and Surveillance, and performance-oriented high capacity storage.
Bulk cloud storage, replicated environments, content delivery networks (CDNs), entry level servers, and backup.
Datacenter archive storage, cold storage servers, tape library disk layer, tape library and VTL replacement.
Capacity 250 GB - 6 TB 1 TB - 6 TB 6 TB OR MORE
Interface SAS 6 Gb/s -10000 or 15000rpmSATA 6 Gb/s- 7200 or 10000rpmSATA 3 Gb/s – 7200 or 10000rpm
SATA 6 Gb/s- 7200 or 10000rpm
SATA 6 Gb/s- 7200 or 10000rpm
MTBF Up to 2 M hours 800 K - 1 M hours 500 K hours
Workload 550 TB per year 180 TB per year 60 TB per year
Format 512n / 512e / 4Kn 512e Advanced Format (AF)
Cache 32, 64 MB and 128 MB 64 MB and 128 MB 64 MB
Form Factor 3.5-inch 3.5-inch 3.5-inch
Warranty
76
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
INTERNAL SERVER HARDDISK
ITEM REQUIREMENTS
Capacity 146 GB 10K rpm upgradable to 1.75TB
Maximum Raw Storage 584 GB 10K rpm
Classification Serve V890 Suns Solaris
Host interface 160 MB SCSI LVD
Hard Disk Drives 160 MB SCSI 3.5 inch low profile
Supported Drives 73 GB 10K rpm; 146 GB 10K rpm
Original detailed and highlighted Brochures MUST be submitted
STANDBY UPSITEM REQUIREMENTS
Power provided At least 650 VA
Input Voltage Swing AC 196 - 280 V
Output voltage Range AC 230 V
Localization 220 - 240V / 50Hz
Output Frequency 50 - 60HZ auto-sensing
Design
automatic voltage regulaton
Mains Isolation
User replaceable batteries
Static-Automatic bypass
Run time (full load) 2,4 min
Maintenance bypass incase of servicing
Battery Module
Minimum 16 minutes backup time on 50% rated outout
Minimum 5 minutes backup time on100% rated outout
Minimum 3 year lifetime
Type (Sealed lead-acid preferred)
Automatic periodic battery tests
Short recharge time (Maximum 5 hours for 100% runtime)
Protection against excessive/damaging discharge
ProtectionOutput Overload
Input/Output short-circuit
Communication Interface Serial port communications support
Warranty 1 Year OnSite Repair & Replace
Original detailed and highlighted Brochures MUST be submitted
77
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
ONLINE/SMART UPSITEM REQUIREMENTS
Product Description 850VA UPS
Power 850Va / 500W
Input Voltage range 165-275 Vac
Frequency 50 Hz
Charging Time 12 hours (90%)
Battery type (Ah) Air-tight, maintenance-free, lead battery with anti-leak seal
Autonomy 1.5 min (full load) - 7 min ( medium load)
Output voltage ( Single Phrase) 230Vac + 10% - 15%50Hz 5% in-line
Power (kVA/KW) 850 Va/500 W
Output number Back: 2 IEC sockets + 2 sockets No backup: 2 sockets
Switch time 10 ms
Dimensions (W x D x H) 126 mm x 325 mm x 220 mm
Weight 6 Kg
Control Software UPSILON 2000
Communication Port USB
Original detailed and highlighted Brochures MUST be submitted
78
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
INDUSTRIAL/MODULAR UPS
ITEM REQUIREMENTS
Rating At least 6 KVA
Input Voltage Swing
Minimum. 220V to 270V
Output voltage 220V - 240V
Output Frequency
50 - 60HZ auto-sensing
Design
automatic voltage regulation
Mains Isolation
User replaceable batteries
Static-Automatic bypass,SMART capabilities enabled
Maintenance bypass in case of servicing
Battery Module
Minimum 60 minutes backup time on 50% rated output
Minimum 30 minutes backup time on 100% rated output
Minimum 5 year lifetime, on Battery
Type (Sealed lead-acid preferred)
Automatic periodic battery tests, Front panel mounted fuse
Short recharge time (Maximum 5 hours for 100% runtime)
Protection against excessive/damaging discharge
ProtectionOutput Overload
Input/Output short-circuit
Form Factor Rack Mountable
Communication Interface
Asynchronous serial COM port, 10BaseT Ethernet SNMP/HTTP port, Transport Cases, Slides and
Optional accessories
Alternate I/O Configurations, Dual Source Input, Battery Expansion, Battery less Operation, Battery charger/conditioner, power distribution unit, System interface Mounting Kits
Operational environment requirements
Room temperature/humidity (ie. Min. Air Conditioning)
Warranty At Least 2 years service, replace and Repair
Original detailed and highlighted Brochures MUST be submitted
79
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
APPLICATION SERVER (DEDICATED)ITEM REQUIREMENTS
Processor Speed Intel processor 3.6 GHz duo Core (4 or 2 Processors)
Cache Memory 2MB second level ECC cache
Chipset Intel E7520 Chipset
Memory(RAM) Minimum:1TB
Expansion Slots 3 (64-bit/133MHz) PCI-X
Redundancy & Storage Controllers
Support RAID Level 5 (Disk Stripping with Parity) & Smart Array 6i Controller (integrated on system board)
Back Up Functionality
Tape Drive & Backup Software
16X IDE DVD-RW
Internal Storage Capacity 10TB
Display/Graphics 17” TFT Flat Panel LCD, same brand as CPU
Interfaces
1 Serial
1 Pointing Device (Mouse)
1 VGA Graphics Adapter
1 Keyboard
1 External SCSI
Dual Port PCI-X 1000T Gigabit Server Adapter (embedded)
3 USB (1 front, 2 back) & 1 Fire wire interface
Form Factor Rack Mountable(2U),
Support software, and configuration utilities Include Server managements manufacturers packs
Power Supply Unit2 Redundant 500 W Power supply
Input: 220 - 240 VAC
Warranty 2 Years
SERVER SOFTWARE
Operating Systems Software BSD
Original detailed and highlighted Brochures MUST be submitted
80
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
STORAGE SERVER (CLUSTERED)
ITEM REQUIREMENTS
Form factor 12U rack-mount (19”)
CPU Intel® Itanium® 2 Processor; 1.50 GHz/1.60 GHz
InterconnectPoint-to-point crossbar; max data transmission 25.6 gigabits per second
Memory 1TB
Internal Storage 10TB
PCI Slots Max 18
Partitions Max 10
External Dimensions 482 (W) x 820 (D) x 530 (H)
Weight Max 150 kg
Supported Operating Systems
BSD
Original detailed and highlighted Brochures MUST be submitted
TV CARDSPARTICULARS GENERAL REQUIREMENTS
Video Input Able to receive HDTV signals, allowing a system equipped with it to act as a tuner for a connected HDTV-ready device.
Device Type ATSC HDTV receiver / analog TV / radio tuner / video input adapter
Enclosure Type Plug-in module
Interface Type Express Card
VIDEO
Form Factor Plug-in module
Interface Type FM input, S-video input, Composite video input
Analog Video Format NTSC, PAL-M, PAL-N
Analog Video Signal S-Video, Composite video
Digital Video Format MPEG-1, MPEG-2, MPEG-4
Audio Input Support Standard
Features Teletext, Sleep timer, Channels preview, Closed captioning, Electronic Program Guide
Audio Input Type FM tuner - Integrated
81
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Expansion / Connectivity Interfaces
1 x TV antenna - Input, 1 x Display / video - S-video input - 4 pin mini-DIN - External, 1 x Display / video - Composite video input - RCA - External, 1 x Radio - FM input
Software Included
Drivers & Utilities OS Required Microsoft Windows Vista / XP, Peripheral / Interface Devices Sound card, DirectX 9.0c compatible graphics card System Requirements Details - RAM 256 MB - HD 200 MB
Original detailed and highlighted Brochures MUST be submitted
82
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
APPENDIX 3: Mandatory and fixed versionsSoftware specifications
Software Type Software Item Details
Operating System
Microsoft Windows 7Must be supplied with:• Original media and booklet AND appropriate Certificate of Authenticity.•.
Office Automation
Microsoft Office 2007 withPublisher
MS Word, MS Excel, MS PowerPoint, MS Access, MS Publisher
Internet Browser
Microsoft Internet Explorer 7.0Firefox MozillaOperaFlock
Including all securityPatches
Electronic Mail Microsoft
Outlook Version 2007
NetworkConnectivity
TCP / IP Operating System.
CD Burning Functionality provided by theOperating System.
APPENDIX 4: Mandatory and Upgradable versions Software specifications
Software Type Software Item Details
Multimedia Windows Media Player Latest stable version.
Virus ProtectionAnti-virus software available in the market
Latest stable version.
PDF DocumentReader
Adobe Reader Latest stable version.
Flash PlayerAdobe FlashPlayer
Latest stable version.
83
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Personal Firewall
• Every workstation connected to the Internet via the gateway shall have a Personal Firewall active at all times, configured with parameters specific to the gateway
Description PC Laptop / Remote PC
Connect directly to GWI Firewall disabled
Enabled with configuration usingMS Windows tools
Connect to GWI through an untrusted network(centrally managed)
Firewall enabled Enable with configuration usingCISCO VPN Client.
Virtual Machine Sun JAVAVirtual Machine
APPENDIX 5:Characteristics of Storage Encryption Technologies
Characteristic
Full Disk Encryption
VolumeEncryption
Virtual Disk Encryption
File/ Folder Encryption
Typical platforms supported
Desktop and laptop computers
Desktop and laptop computers, volume-based removable media(e.g. USB flash-drives)
All types of end user devices
All types offend user devices
Data protected by encryption
All data on the media (data files, system files, residual data, and meta data)
All data in the volume(data files, system files, residual data, and metadata)
All data in the container(data files, residual data and metadata, but not system files)
Individual files/folders (data files only)
Mitigates threats involving loss or theft of devices?
Yes Yes Yes Yes
Mitigates OS and application layer threats(such as malware and insider threats)?
No If the data volume is being protected, it sometimes mitigates such threats.*Ifthe data volume is not being protected, then there is no mitigation of these threats.
It sometimes mitigates such threats*
It sometimes mitigates such threats*
84
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Potential impact to devices in case of solution failure
Loss of all data and device functionality
Loss of all data in volume; can cause loss of device functionality, depending on which volume is being protected
Loss of all data in container
Loss of all protected files/folders
Portability of encrypted information
Not portable Not portable Portable Often portable
APPENDIX 6 Storage Encryption Technology Planning and Implementation
PHASE
1. Identify Needs The purpose of this phase is to identify the needs to protect information stored on end user devices and determine how those needs can best be met. Requirements specific to storage encryption that should be considered include the following:
a. External Requirements. The MCA may be subject to oversight or review by another MCA that requires storage encryption. An example is a legal requirement to protect stored PII.
b. System and Network Environments. It is important to understand the characteristics of the MCA’s system and network environments so that storage encryption solutions can be selected that will be compatible with them and able to provide the necessary protection. Aspects to consider include the following:
o The characteristics of the devices that need protection, especially the OSs, applications, and file systems they use, and their hardware capabilities and characteristics
o The technical attributes of the interfaces of other systems with which the storage encryption solution might be integrated, such as authentication services, centralized logging servers and security information and event management (SIEM) software, and patch management software
c. Support Limitations. The MCA should identify any negative impacts that storage encryption technologies could have on existing vendor support mechanisms. For example, installing a storage encryption technology onto an end user device could violate the terms of a support contract for existing software on the end user device or void a warranty for another product used on or with the end user device.
85
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
2. DesigntheSolution • Major aspects of solution design that are particularly important for storage encryption are as follows:• Cryptography. Storage encryption technologies use one or more cryptographic keys to encrypt and
decrypt the data that they protect. The number of keys and the types of keys used are product and implementation-dependent.
• If a key is lost or damaged, it may not be possible to recover the encrypted data. Therefore, MCAs need to ensure that all keys used in a storage encryption solution are secured and managed properly to support the security of the solution. MCAs shall perform extensive planning of key management processes, procedures, and technologies before implementing storage encryption technologies.
• This planning should include all aspects of key management, including key generation, use, storage, recovery, and destruction.29 Organizations should carefully consider how key management practices can support the recovery of encrypted data if a key is inadvertently destroyed or otherwise becomes unavailable (such as a user unexpectedly leaving an organization or losing a cryptographic token containing a key).
• Another decision that may need to be made is where the local keys should be stored. For some encryption technologies, such as FDE and many file/folder encryption products, there are often several options for key location, including the local hard drive, a USB flash drive, a cryptographic token, or a Trusted Platform Module (TPM) chip.
• MCAs need to ensure that access to keys (other than those intended to be available to others, such as public keys) is properly restricted. Storage encryption solutions should require the use of one or more authentication mechanisms, such as passwords, smart cards, and cryptographic tokens, to decrypt or otherwise gain access to a storage encryption key. The keys themselves should be logically secured (e.g., encrypted) or physically secured (e.g., stored in a tamper-resistant cryptographic token). The authenticators used to retrieve keys should also be secured properly.
• Organizations should consider how easily the solution can be updated when stronger algorithms and key sizes become available in the future.
• Authentication.Authentication methods must be chosen for users and administrators. Decisions also need to be made regarding the protection of the authenticators themselves.
• There are two types of authentication important to storage encryption. Administrators authenticate so that they can perform storage encryption management functions, including reconfiguring and updating encryption software, managing user accounts, and recovering encrypted data. Users authenticate so that they can access encrypted information.
• If a single authenticator is used (often a user ID and password, sometimes a token), that authenticator typically grants the storage encryption software access to the key used to encrypt and decrypt the stored information.
• Some storage encryption products allow the use of multiple user IDs on a single device. If the IDs are tied to a single storage encryption key, then each user can access the same protected information.
• Generally, using an existing authentication solution is acceptable only if it provides multi-factor authentication. Using a single-factor authenticator for multiple purposes significantly weakens the protection that authentication provides
• MCAs also need to ensure that the storage encryption authenticators are protected properly. This includes both technical mechanisms, such as encrypting passwords or storing cryptographic hashes of passwords, and operational and management mechanisms.
• Because authentication controls access to storage encryption keys, the loss of authenticators can prevent access to the encrypted data. Organizations should determine how the loss of authenticators (both user and administrator-level) will be handled before implementing storage encryption. Most products offer recovery mechanisms for password-based user authentication.
• For user authentication methods other than password-based, recovery is often more difficult, especially if the user is not at the organization’s facilities. Some storage encryption products allow the password- based authentication recovery mechanisms to be used and permit the user to temporarily use password- based authentication. However, because this is generally a reduction in the strength of authentication, many organizations do not permit its use.
• Recovery mechanisms increase the availability of the storage encryption solution for individual users, but they can also increase the likelihood that an attacker can gain unauthorized access to encrypted storage by abusing the recovery mechanisms. Organizations should consider the tradeoff between availability and security when selecting and planning recovery mechanisms.
• Some storage encryption products also offer protection against authentication-guessing attempts.
86
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
3. Implementand Testa Prototype After the solution has been designed, the next step is to implement and test a prototype of the design. Ideally, implementation and testing should first be performed on lab or test devices. Only implementations in final testing should be conducted on production devices. Aspects of the solution to evaluate include the following:
a. Protection.Each type of information that needs protection should be protected in accordance with the information gathered during the Identify Needs phase. This should be verified by using forensic tools to confirm that the information is encrypted. For devices that use FDE and offer hibernation, standby, or other “suspend” modes, encryption should be verified in each mode; if the mode does not write the contents of memory out to disk and encrypt it, then the informa-tion may be readily available unencrypted.
b. Authentication.Performingrobusttestingofauthenticationisimportant,especiallyformorecomplex-authenticationsolutionsthatdependoncentralizedauthenticationservices;alossofthoseservi-cescouldcausealoss of storage encryption services as well.
c. OS and Application Compatibility. The solution should not break or interfere with the use of exist-ing OS configurations and software applications.
d. Management.Administrators should be able to configure and manage all components of the solution effectively and securely. It is particularly important to evaluate the ease of deployment and configuration, including how easily the solution can be managed as the solution is scaled to larger deployments. Another concern is the ability of administrators to disable configuration options so that users cannot circumvent the intended security.
e. Logging. The logging and data management functions should function properly in accordance with the organization’s policies and strategies.
f. Performance. The solution should be able to provide adequate performance during normal and peak usage. Testing should incorporate a variety of devices, OSs, and applications, especially those that are most likely to be affected by performance issues, such as those that manipulate large files.
g. Security of the Implementation. The storage encryption implementation itself may contain vulner-abilities and weaknesses that attackers could exploit. MCAs with high security needs may want to perform extensive vulnerability assessments against the storage encryption components. Another common security concern is the security of the authenticators and cryptographic keys.
h. Recovery. The solution should be tested to determine how well it can recover from failures, such as lost or forgotten authenticators, lost keys, device hardware or software failure/damage, and power loss.
i. Interoperability. For a solution that will protect removable media that will be used on multiple devices, the organization should ensure that information encrypted on the media by one device can be decrypted by another device after authenticating successfully.
j. Operational Impacts. Organizations should determine how the solution might impact operations, such as impeding technical support and incident response actions involving end user devices.
Actions that may be prudent to perform before installing storage encryption software on end user devices include the following:
a. Ensure that any files to be encrypted can be restored. Examples include backing up user files and having a disk image for the computer’s OS.
b. Replace hardware components (e.g., replace an old hard drive) or the whole device if neces-sary (e.g., equipment that is considered too slow or unreliable).
c. Ensure that the OS is secured properly, including that it is fully patched and that other necessary security controls, such as antivirus software, are installed and configured properly. If the OS is not secured properly, the device is more likely to be compromised, which could weaken the protection provided by the storage encryption solution.
d. Scan the device for malware and either remove any malware that is detected or rebuild the device
87
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
4. Deploy the Solution
a. Once testing is complete and any issues have been re-solved, the next phase of the planning and implementation model involves deploying the solution. A prudent strate-gy is to gradually migrate devices and users to the new solution. The phased deployment provides administrators an opportunity to evaluate the impact of the solution and resolve issues prior to enterprise-wide deployment. It also provides time for the IT staff (e.g., system administrators, help desk) and users to be trained.
b. Most of the issues that can occur during deployment are the same types of issues that occur during any large IT deployment. In addition to potential problems described earlier in this publication, another typical issue is that stor-age encryption technologies might not work properly on some devices because of incompatibilities with particular hardware configurations.
88
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
5. Manage the Solution a. The last phase of the planning and implementation model is the longest lasting. Managing the solution involves operating the deployed solution and maintaining the security storage architecture, policies, software, and other solution components
Examples of typical actions are as follows:
- Testing and applying patches to storage encryption software. It is benefi-cial to have at least one host (one for each type of platform) that is used strictly for testing updates. This can help to identify possible conflicts between an update and the normal functions of devices. Software updates should be tested and deployed using the same practices that would be used for updating any other major security controls, such as antivirus software.
- Deploying storage encryption technologies to additional types of devices
- Configuring additional devices to use the technologies
- Performing key management duties (e.g., issuing new credentials, revoking credentials for compromised systems or departing users)
- Performing recovery actions (e.g., regaining access to encrypted data when the authenticator has been lost or the storage media has been damaged)
- Adapting the policies as requirements change. An example is switching to a stronger encryption algorithm or increasing the key size.
- Monitoring the storage encryption components for operational and security issues
- Periodically performing testing to verify that storage encryption is function-ing properly
- Performing regular vulnerability assessments
- Receiving notifications from vendors of security problems with storage encryption components, and responding appropriately to those notifica-tions
- Preparing devices for retirement or disposal. Devices and media that use storage encryption technologies should be sanitized or destroyed, even for devices using FDE.
- User files on the device should be backed up before major maintenance ac-tions are performed, such as installing or upgrading storage encryption software and changing encryption algorithms or key sizes.
89
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
APPENDIX 7 Alternatives to Encrypting Storage on End User Devices
a. Alternatives
v Applications can encrypt the information that they store. For example, a commercial off-the-shelf (COTS) backup utility might be capable of encrypting its backups, and a com-pression utility might have an option to encrypt archives that a user creates. Another example is a database that can be configured to encrypt fields that contain sensitive in-formation. An application could also store sensitive information in an alternate format, such as cryptographic hashes of passwords instead of the passwords themselves.
v Sensitive information could be accessed only through a virtual machine and stored as part of the virtual machine. If the virtual machine software itself does not provide an encryption capability, the virtual machine data, which is a single file, could be protect-ed through storage encryption software.
b. Insomecases,organizationsmaydecidethatthebestwaytoaddresstheproblemofprotect-ingsensitiveinformationonenduserdevicesisnottostoretheinformationonthedevices.Examplesofhowthismightbeimplementedincludethefollowing:
v Preventing access to sensitive information from higher-risk devices, such as mobile devices
v Using a thin client solution, such as terminal services, a thin Web-based application, or a portal, to access the information, and configuring the thin client solution to prohibit file transfers of the sensitive information to the end user device
v Configuring the organization’s devices (including desktop computers) to prevent writing sensitive information to removable media, such as CDs or USB flash drives, unless the information is properly encrypted
v Permitting users to access files or databases containing sensitive information only through well- secured applications that restrict access as tightly as possible. For ex-ample, suppose that an organization has a database containing thousands of records on employees’ benefits. Instead of allowing a user to have full and direct access to the database, which could allow the user to transfer all the database records to the user’s device, the organization could permit the user to access only the necessary records and record fields. If the user only needs access to general demographic information, and does not need to access any information related to the employees’ identities, then the user would not be able to access any sensitive information.
v Removing unneeded sensitive information from files or databases.
c. MCAs should also be aware that the use of general access control mechanisms is typ-ically insufficient to protect sensitive information on end user devices. For example, a password generally cannot be used instead of cryptography to protect stored informa-tion. Although requiring a BIOS password can prevent an attacker from booting a com-puter regularly, the attacker could still access the information by placing the storage media in a different computer.
90
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Appendix 8 ACCESSIBILITY BY PERSONS WITH DISABILITY
Usage without visionWhere ICT provides visual modes of operation, some users need ICT to provide at least one mode of operation that does not require vision.
NOTE: Audio and tactile user interfaces may contribute towards meeting this clause.
Usage with limited visionWhere ICT provides visual modes of operation, some users will need the ICT to provide features that enable users to make better use of their limited vision.
NOTE 1: Magnification, reduction of required field of vision and control of contrast, brightness and intensity can contribute towards meeting this clause.NOTE 2: Where significant features of the user interface are dependent on depth perception, the provision of additional methods of distinguishing between the features may contribute towards meeting this clause.NOTE 3: Users with limited vision may also benefit from non-visual access (see clause 1).Usage without perception of colourWhere ICT provides visual modes of operation, some users will need the ICT to provide a visual mode of operation that does not require user perception of colour.
NOTE: Where significant features of the user interface are colour-coded, the provision of additional methods of distinguishing between the features may contribute towards meeting this clause.
Usage without hearingWhere ICT provides auditory modes of operation, some users need ICT to provide at least one mode of operation that does not require hearing.
NOTE: Visual and tactile user interfaces may contribute towards meeting this clause.
Usage with limited hearingWhere ICT provides auditory modes of operation, some users will need the ICT to provide enhanced audio features.
NOTE 1: Enhancement of the audio clarity, reduction of background noise, increased range of volume and greater volume in the higher frequency range can contribute towards meeting this clause.
NOTE 2: Users with limited hearing may also benefit from non-hearing access (see clause 4).
Usage without vocal capabilityWhere ICT requires vocal input from users, some users will need the ICT to provide at least one mode of operation that does not require them to generate vocal output.
NOTE 1: This clause covers the alternatives to the use of orally-generated sounds, including speech, whistles, clicks, etc.NOTE 2: Keyboard, pen or touch user interfaces may contribute towards meeting this clause.
Usage with limited manipulation or strength
91
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Where ICT requires manual actions, some users will need the ICT to provide features that enable users to make use of the ICT through alternative actions not requiring manipulation or hand strength.
NOTE 1: Examples of operations that users may not be able to perform include those that require fine motor control, path dependant gestures, pinching, twisting of the wrist, tight grasping, or simultaneous manual actions.NOTE 2: One-handed operation, sequential key entry and speech user interfaces may contribute towards meeting this clause.NOTE 3: Some users have limited hand strength and may not be able to achieve the level of strength to perform an operation. Alternative user interface solutions that do not require hand strength may contribute towards meeting this clause.
Usage with limited reachWhere ICT products are free-standing or installed, the operational elements will need to be within reach of all users.
NOTE: Considering the needs of wheelchair users and the range of user statures in the placing of operational elements of the user interface may contribute towards meeting this clause.
Minimize photosensitive seizure triggersWhere ICT provides visual modes of operation, some users need ICT to provide at least one mode of operation that minimizes the potential for triggering photosensitive seizures.
NOTE: Limiting the area and number of flashes per second may contribute towards meeting this clause.
Usage with limited cognitionSome users will need the ICT to provide features that make it simpler and easier to use.
NOTE 1: This clause is intended to include the needs of persons with limited cognitive, language and learning abilities.NOTE 2: Adjustable timings, error indication and suggestion, and a logical focus order are examples of design features that may contribute towards meeting this clause.
PrivacyWhere ICT provides features that are provided for accessibility, some users will need their privacy to be maintained when using those ICT features that are provided for accessibility.
NOTE: Enabling the connection of personal headsets for private listening, not providing a spoken version of characters being masked and enabling user control of legal, financial and personal data are examples of design features that may contribute towards meeting this clause
92
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
Appendix 9: Related Documents
Code Number: Title
ICTA. 1.001: 2016 Government Enterprise Architecture
ICTA. 2.001: 2016 Infrastructure Standard (Networks, Cloud, End user Computing, Data Centre)
ICTA. 3.001: 2016 Information Security Standard
ICTA. 4.001: 2016 Electronic Records and Data Management Standard
ICTA. 5.001: 2016 IT Governance Standard
ICTA. 6.001: 2016 Systems and Application Standard
ICTA. 7.001:2016 ICT Human Capital and Work force Development Standard
93
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
94
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
95
End-User Computing Devices Standard ICTA-2.001:2016
The ICT Authority is a State Corporation under the State Corporations Act 446 The ICT Authority is a State Corporation under the State Corporations Act 446www.icta.go.ke www.icta.go.ke
ICT Authority
Telposta Towers, 12th Floor, Kenyatta Ave
P.O. Box 27150 - 00100 Nairobi, Kenya
t: + 254-020-2211960/62
Email: [email protected] or [email protected] or [email protected]
Visit: www.icta.go.ke
Become a fan: www.facebook.com/ICTAuthorityKE Follow us on twitter: @ICTAuthorityKE