RFP for scanning and patching tools

[David D Grisham <DGrisham () SALUD UNM EDU>]

We are about to write an RFP for tools that take scans from Nessus/Nexus, etc. and provides actionable 
information/reports to our systems group who uses SCCM. The important component required by audit/assessment is the 
exception component. We have true separation of duties with ITSecurity scanning & our systems group patching and in 
need of a tool that has an exception database that allows ITIL change control review and approval.

We have looked at our will be looking at Microsoft Security Center, Tenable Security Center & RiskSense. If you've gone 
through this process, please let me and/or the group know about important components & I'd like not to reinvent the 
wheel with the RFP if you've done one and don't mind sharing.
Cheers.-grish
David Grisham, PhD, CISM
Manager, ITSecurity, UNM Hospitals
HSC, UNM