Pre-proposal Conference

Transcription

1 Pre-proposal Conference RFP 1-15-C017 Office Of Technology Information Systems And Infrastructure Penetration Test January 08, 2015

2 Disclaimer The information contained in this presentation is for informational purposes only. In the event of a discrepancy between the information contained herein and the RFP documents, the RFP documents will take precedence.

3 Introductions Office of Technology Kevin James Balaji Karuppiah Al Howard Tom Peifer (COTR) Procurement and Contract Department Cedric Kinlow Shay King

4 Summary of Solicitation Performance Period: Up to 365 days from the effective date of the contract Anticipated award/start date: March 10, 2015 This will be a Firm Fixed Price (FFP) contract All work will be performed at the Airports Authority s place of business: Ronald Reagan Washington National Airport (DCA) Washington Dulles International Airport (IAD) Dulles Toll Road (DTR) Terms and Conditions of the Solicitation are not negotiable in any material way

5 Summary of Solicitation This is a Best Value procurement process. Award will be made on a best value basis. The technical merit of the proposal is significantly more important than the price, and price must be fair, reasonable and affordable. May select other than the lowest price proposal if it is determined that the proposal is most advantageous. Price becomes more important as proposals become more technically equivalent. Price evaluation will be based on the fully loaded fixed rates of the base period. Price proposals will be assessed for affordability. The Authority will not make an award for any proposal which proposes prices that would render the procurement infeasible.

6 Proposal Requirements Proposals are due on January 27, 2015 by 2:00 PM local time at the address indicated on the solicitation. Refer to Section X, Attachments 02, Evaluation Criteria. 02 General Evaluation Criteria and Proposal Submission Requirements

7 Proposal Submissions Part 1 Representation Package Submit an original and one (1) copy of the following documents: Solicitation Offer and Award Page, Section I Representations and Certifications, Section IV Special Provisions, Use of Contract by Other Jurisdictions, Section VI * Failure to extend a contract to any participating Jurisdiction will have no effect on consideration of proposals LDBE Certification Exhibits as applicable: Exhibit A, Voluntary Efforts to Obtain MBE/WBE Participation

8 Proposal Submissions Part 2 Price Proposal Submit an original and one (1) copy of the following documents: Price Schedule, Section III Contract Participation Form, Exhibit D,

9

10 Technical Proposal Submissions Part 3A 3E Submit an original and Four (4) copies of the Proposal a. Do not include any reference to price. b. Submit on typewritten 8 ½ x 11 plain white paper. c.. Number all pages d. Assemble in a three ring binder or staple. No other binding methods are acceptable. e. Do not exceed twenty-five (25), double-spaced, single sided pages. Exhibits and samples of previous work are not included in the 25-page limit. Address the evaluation criteria in the order they are presented

11 Evaluation Criteria Criterion 1: Experience, Qualifications and Past Performance of the Firm MWAA will evaluate the past performance of current and previous contracts over the past Three (3) years in accordance with the SOW. Criterion 2: Technical/Quality Control/Management Approach The proposal shall demonstrate an understanding of the technical capabilities in accordance with the SOW. Criterion 3: Key Personnel Experience and Qualifications Proposed key personnel s experience involved in performance of projects included in the firm s references in accordance with the SOW.

12 Scope of Services The Authority seeks a Qualified Contractor(s) to conduct a Penetration test (Pen Test) to identify and remedy security vulnerabilities found on MWAA s computer system, network and/or Web applications. Contractor to ensure that appropriate system controls and reasonable protections are in place to minimize security threats that may exist regarding MWAA s information systems and infrastructure. TASK OBJECTIVES External Network Penetration Testing: The Contractor shall test approximately 900 public registered IP addresses (92 assigned/in use). The Contractor shall conduct external penetration testing activities to simulate/assess attack vectors from remote users with no previous knowledge of the Airports Authority network. Internal Network Testing: The Contractor shall conduct testing of primary network approximately 4000 IP addresses. The Contractor shall conduct penetration testing activities on the Airports Authority internal network as a non-authorized user to simulate/assess attack vectors on the Authority s network from a user with physical access to Authority s infrastructure. Wireless Penetration Testing: The Contractor shall conduct a wireless penetration test focusing on enumerating and verifying potential attack vectors and threats to the Authority s operating environment. This shall include access point discovery, wireless access penetration testing, and may include (but is not limited to), exploiting weak encryption protocols, identifying open wireless access points, default configurations, and analysis of the segmentation between employee and guest wireless networks. Web Application Penetration Testing: The Contractor will conduct test of web applications approximately 10 sites. The Contractor will perform a web applications penetration test to validate and verify the Airports Authority application security controls for weaknesses, technical flaws, or vulnerabilities.

13 On-Line Resources The Pre-Proposal Conference Attendees List and this presentation will be posted to the Airports Authority website, All questions concerning this solicitation must be submitted by 3:00 PM, January 13, 2015 via the Airports Authority's website Answers to all questions received will be posted on-line, and all registered Plan Holders will be notified

14 QUESTIONS