MNIT provides tools for agencies who need advanced web capabilities. These include a Quality Assurance Tool to help ensure accessibility and accuracy of websites, Web Analytics that provide advanced website statistics and visibility into user visits and views, Custom Search capabilities, and dynamic Chatbots that provide a scalable, fast learning, artificial intelligence (AI) assisted approach to helping users answer common questions. These technologies help agencies improve the effectiveness of their agencies can better achieve their objectives and provide a positive online user experience with these web technologies.
Cloud Web Application Firewall WAF) service offering secures state web applications, data, services, and records that may contain Personally Identifiable Information (PII) such as financial, medical or any private data. The Cloud WAF sits in front of the application server, inspecting and filtering traffic between the web application and the internet. This service can help defend web applications from attacks such as cross-site request forgery (CSRF), cross-site-scripting (XSS), Distributed Denial of Service (DDOS) attacks, file inclusion, and SQL injection.
Cloud WAF features include:
Continuous Security Delivery
Device Fingerprinting for Bot Protection
API Protection
Unique Out-of-Path Deployment with Full Migration
Data Leak Prevention
Integrated Application Security and Application Delivery
The Cloud WAF service offering is charged through a flat rate per license and an allocated proportion of the overall cost of throughput based on the throughput used by a particular web application.
Bot Manager
Cloud WAF includes Bot Manager, a non-intrusive API-based Bot Management solution. Bot Manager detects, eliminates, and manages bot traffic from websites, mobile apps, and APIs in real-time. The solution leverages Intent-based Deep Behavior Analysis, device fingerprinting, and domain-specific detection technologies to identify and eliminate invalid traffic without generating false positives, protecting users against automated attacks such as account takeover, ad fraud, API abuse, application DDoS, card fraud, content scraping, form spam, skewed analytics, and other nefarious activities.
See MNIT’s Service Level Matrix for service level objectives related to incident resolution.
MNIT strives to achieve the response and resolution times as stated in the Service Level Matrix. However, some elements of these services are dependent on vendor availability, support agreements and service levels.
A service agreement is required for one-time professional services charges for website development, design, content migration, search customization, and any further customizations. These costs are separate from the monthly hosting costs.
Customers are generally notified three days in advance of a service update.
In the case of a significant update where advanced testing of sites is recommended, additional servers are brought online so that users may test their existing code against the updated configuration. Customers will be provided with guidance for testing and scheduling of the service upgrade will take customer needs into account.
Agency staff are responsible for following state branding and accessibility standards.
If agencies choose to use a custom domain name or custom subdomain, the agency is responsible for obtaining, recertifying, and managing those custom domains/subdomains. Custom domains/subdomains will require a Cloud Web Application Firewall (WAF).