This story is limited to Techwire Insider members.
This story is limited to Techwire Insider members. Log in below to read this story or learn more about membership.
In a recent solicitation, a coastal town in the Bay Area is seeking cybersecurity assistance from IT companies.
- The city is seeking “an established IT professional service provider” with “a clear grasp in a wide range of cybersecurity and compliance areas” including penetration testing, risk assessment, security assessment. security, identity and access management, vulnerability management, application security assessment, and regulation and compliance. executives, according to the RFP. The project involves performing âa variety of penetration testing and security assessments of the city’s internal, external and wireless networksâ. The objective is to allow Fremont to have “a comprehensive understanding of the potential risks associated with current vulnerabilities, to assess the effectiveness of current controls”, to ensure that its existing cybersecurity efforts align with “the key security frameworks and best practices such as NIST ‘and improve the effectiveness of the city’s cybersecurity program.
- Fremont’s current environment includes “several” physical sites connected to its network via city-owned fiber optic and two 1 Gbps Internet connections through which the city has “provided a secure VPN tunnel to encrypt traffic.” . The âtopology of the city’s core network is based on Ethernet and consists of two central switches connected via a 10 Gbps WAN (Wide Area Network) fiber optic linkâ. City workstations and servers connect to 1 Gbps edge switches; these switches have “redundant fiber links that connect at 1 Gbps to each primary switch.” Fremont âprimarilyâ uses âMicrosoft Windows operating systems (OS) for endpoints and Microsoft Windows and Linux for servers and devices in addition to several other (OS) used in endpoints, network devices , databases, storage, (Internet of Things), etc. . “
- The requirements include a âpre-assessment approach, project management and stepwise approach methodologies for the proposed solutionâ; roughly predetermine the extent of “any additional network traffic resulting from the various scans and / or assessments” to avoid denials of service and / or bandwidth issues; the scope of external penetration tests for up to 42 IP addresses; and the scope of internal penetration testing and vulnerability assessments for up to 300 IP addresses. The selected vendor will also be responsible for the scope of wireless network penetration testing for up to seven SSIDs across multiple physical locations. The proponent will also configure âall software and / or hardware components necessary for the implementation of the various cybersecurity assessments offeredâ. The scope of the proposed cybersecurity assessment âwill include up to 10 web application penetration testsâ.
- The Respondent’s Statement of Qualifications must indicate the “size, stability and capacity” of the organization, including the total number of years in business and the number of years the proponent has provided “service”. similar to the scope of the services described in this RFP â. The declaration must also include the total number of current employees; number of offices and locations; number of employees in the office that will provide the services; any âpast, current or potential conflict of interestâ that may arise as a result of the performance of this work; Respondent’s experience in providing cybersecurity and risk assessments, and in completing “projects of similar size, scope and complexity to the procurement required by this RFP.” The proponent should also include a list of recent projects. The proposed project staff should include âAccount Manager, Project Manager, Senior Trainer, Technical Architectâ and all other people assigned to the project, along with their qualifications.
- The precise value of the contract is not indicated. Its duration must begin after all have signed and âcontinue until the completion of all servicesâ in accordance with the time requirements. Questions must be asked by 3 p.m. on January 7, and answers by January 12. Proposals must be submitted by 2:00 p.m. on January 18.