Bay Area City requests cybersecurity assistance

In a recent solicitation, a coastal town in the Bay Area is seeking cybersecurity assistance from IT companies.

In a request for proposals (RFP) published on December 8, the city of Fremont is seeking a vendor to provide it with a cybersecurity assessment early next year. Among the takeaways:

  • The city is seeking “an established IT professional service provider” with “a clear grasp in a wide range of cybersecurity and compliance areas” including penetration testing, risk assessment, security assessment, security, identity and access management, vulnerability management, application security assessment, and regulation and compliance, according to the RFP. The project involves performing “a variety of penetration testing and security assessments of the city’s internal, external and wireless networks”. The objective is to give Fremont “a comprehensive understanding of the potential risks associated with current vulnerabilities, to assess the effectiveness of current controls”, to ensure that its existing cybersecurity efforts align with “the key security frameworks and best practices such as NIST” and to improve the effectiveness of the city’s cybersecurity program.
  • Fremont’s current environment includes “several” physical sites connected to its network via city-owned fiber optic and two 1 Gbps Internet connections through which the city has “provided a secure VPN tunnel to encrypt traffic.” The “topology of the city’s core network is based on Ethernet and consists of two central switches connected via a 10 Gbps WAN (Wide Area Network) fiber optic link”. City workstations and servers connect to 1 Gbps edge switches; these switches have “redundant fiber links that connect at 1 Gbps to each primary switch.” Fremont “primarily” uses “Microsoft Windows operating systems (OS) for endpoints and Microsoft Windows and Linux for servers and devices in addition to several other (OS) used in endpoints, network devices, databases, storage, (Internet of Things), etc.”
  • The requirements include a “pre-assessment approach, project management and stepwise approach methodologies for the proposed solution”; roughly predetermining the extent of “any additional network traffic resulting from the various scans and / or assessments” to avoid denials of service and/or bandwidth issues; scoping external penetration tests for up to 42 IP addresses; and scoping internal penetration testing and vulnerability assessments for up to 300 IP addresses. The selected vendor will also be responsible for scoping wireless network penetration testing for up to seven SSIDs across multiple physical locations. The proponent will also configure “all software and / or hardware components necessary for the implementation of the various cybersecurity assessments offered”. The scope of the proposed cybersecurity assessment “will include up to 10 web application penetration tests”.
  • The respondent’s statement of qualifications must indicate the “size, stability and capacity” of the organization, including the total number of years in business and the number of years the proponent has provided “service similar to the scope of the services described in this RFP”. The statement must also include the total number of current employees; the number of offices and locations; the number of employees in the office that will provide the services; any “past, current or potential conflict of interest” that may arise as a result of the performance of this work; and the respondent’s experience in providing cybersecurity and risk assessments, and in completing “projects of similar size, scope and complexity to the procurement required by this RFP.” The proponent should also include a list of recent projects. The proposed project staff should include “Account Manager, Project Manager, Senior Trainer, Technical Architect” and all other people assigned to the project, along with their qualifications.
  • The precise value of the contract is not indicated. Its term is to begin after all parties have signed and “continue until the completion of all services” in accordance with the time requirements. Questions are due by 3 p.m. on January 7, with answers due by January 12. Proposals must be submitted by 2:00 p.m. on January 18.

About Jon Moses
