Selecting a secure access service edge (SASE) solution is a high-impact decision for any IT organization. The SASE RFP Evaluation Categories Framework is built to help teams construct a vendor evaluation process that’s structured, flexible, and aligned with real-world operational needs.
Customizable questions, practical scoring
The framework centers around an editable spreadsheet that includes detailed evaluation questions and category weights. You can adjust the weights to match your priorities—whether that’s scaling SD-WAN, expanding zero-trust policies, or tightening DLP enforcement. The goal is to move beyond checkbox answers and draw out how each vendor actually delivers.
Each question is designed to prompt real answers, not boilerplate. That means clarity on how solutions are architected, what’s available through APIs or automation, and how vendors support multi-vendor integrations or hybrid environments.
Defined categories, tuned for enterprise scale
The framework’s scoring system ranks categories on a 0–5 scale. High-weight areas include Zero Trust Network Access, data loss prevention (DLP), bidirectional firewalling, cloud access security broker (CASB), and secure web access. Mid-range weights cover routing, logging, APIs, device support, and digital experience metrics. Lower weights apply to general architecture, pricing structure, and support models. You can tune weights up or down—or remove categories entirely—based on your architecture and goals.
Each section is written with medium to large enterprises in mind: 1,000-plus users, branch locations, hybrid workforces, SaaS usage, and compliance mandates. You’ll also find coverage for specific deployment models, including converged single-vendor SASE, two-vendor configurations, and MSP-delivered solutions.
Flexible for real deployment models
If you're exploring a two-vendor strategy—for example, pairing a network provider with a separate security platform—the framework includes a section focused on interoperability. There’s also a dedicated category for MSP-delivered services, with questions about platform integration, support handoffs, and service-level transparency. If those models don’t apply, it’s easy to remove the questions altogether.
The structure also considers unique use cases such as remote browser isolation, data sovereignty, and digital experience monitoring. These can be de-emphasized or prioritized depending on user needs and environment.
Vendor evaluation backed by independent testing
This evaluation model isn’t hypothetical. It’s grounded in feedback from enterprise teams that have gone through SASE procurement and has been reviewed by CyberRatings and Keysight to align with testable, validated capabilities.
If you're planning a SASE purchase or refreshing your vendor shortlist, you don’t need to start from scratch.