211 LA County. Technology Infrastructure Assessment. Request for Proposals. August 2012 Request for Proposals- 211 LA County 1


1. General conditions and proposers directions

1.1. Overview

211 LA County is seeking a vendor to perform a comprehensive security assessment.

This project will focus on 211 LA County's two sites: the main operational site located in San Gabriel, CA and the virtual server back-up location currently hosted by Rackspace.

Schedule

The following timetable will apply to all Proposers:

- Release of RFP to Proposers: August 1,
- Proposers due date: August 20,
- Anticipated project start date: September 10,
- Completion date: October 19,

Proposers requirements

Interested and qualified Proposers who can demonstrate their ability to successfully provide services of the type described in this RFP are invited to submit proposals, provided they have proven experience of at least five (5) years in the enterprise network security field.

Proposer will provide a team of experts to perform all items in the Statement of Work (SOW) for both the San Gabriel and virtual server cloud locations.

Proposer's team must include individuals with prior professional experience in the following areas:

- System administration
- Internet penetration testing
- Web application testing
- Vulnerability testing/studies
- Firewall configuration
- Remote access
- Cryptography
- Authentication, authorization, and access controls
- Data backup
- Storage
- System redundancy
- Operating systems
  - Linux
  - Windows Server and professional
- Network architecture and design
- Remote access including VPN
- Site to site network connectivity
- IT policies, documentation and processes

Proposer must be available to start on the anticipated project start date.

Submission of Proposal

Proposers are instructed to comply with all instructions regarding the content, submission, and format of their proposal. Proposals which are deemed to be non-responsive will be disqualified, and 211 LA County will not evaluate them substantively. Proposers are cautioned that proposals that do not follow the format or contain the information required by the RFP may be considered non-responsive and are subject to rejection without any further and/or complete review at the absolute and sole discretion of 211 LA County.

Proposals are to be submitted electronically as a PDF attachment and emailed to tech_rfp@211la.org.

Proposals must be received no later than 11:59 p.m. on August 20,

Each submitted proposal will receive an email reply which will serve as a receipt and acknowledgement of submission.

Proposals received after this time may not be accepted.

Only one proposal per individual, firm, co-partnership, corporation, or association under the same or different names shall be considered.

Faxed copies of proposals will not be accepted.

The primary contact at 211 LA County will be: Amy Latzer, Chief Operating Officer; ; alatzer@211la.org

1.5. Contents of proposals

Part 1 shall be entitled "Cover Letter" with an introduction including the RFP title; name and address of the organization submitting the proposal; name, address and telephone number of the contact person(s) who will be authorized to make presentations and facilitate on site visits for the Proposer; and the name, address, and telephone number of the person(s) authorized to bind the Agreement. The cover letter shall also include:

1.) A statement indicating whether the Proposer intends to perform this project as a single contractor or as a prime contractor with one or more subcontractors.
2.) Identification of all subcontractors and a description of work to be performed by each of the subcontractors.
3.) The Proposer's Federal Tax Identification Number.

The cover letter must contain the current date of submission and not exceed one (1) page.

Part 2 shall be entitled "Table of Contents" and shall include a detailed outline of the materials identified by sequential page numbers and by section reference numbers including, but not limited to, the headings described in this section that pertain to the overall proposal format.

Part 3 shall be entitled "Executive Summary". The Executive Summary should describe the Proposer's plan to field and test the 211 security practices; and to deliver recommendations to the 211 Executive Officers/Management regarding the current state of 211's IT security practices with a detailed/critical overview of recommendations for improvement and/or modification.

Part 4 shall be entitled "Corporate Overview" and shall include a detailed description of the Proposer's professional experience in the areas listed in section while not exceeding three (3) pages.

Part 5 shall be entitled "Acceptance of Terms and Conditions" and shall include a statement affirming the Proposer's acceptance of all terms and conditions set forth in the RFP and any addenda to this RFP. All proposed changes to the standard Terms and Conditions must be clearly noted.

Part 6 shall be entitled "Response to Statement of Work". Proposers will provide more detail of the overview presented in the summary, not to exceed five (5) pages including text, figures, charts, and other graphics. Provide details on the desired technical approach used to meet the requirements. Also identify 211 LA County resources such as staff time, skill sets, hardware, and space required for successful implementation of this project.

Part 7 shall be entitled "Work Schedule" and include dates and milestones to complete the project.

Part 8 shall be entitled "Pricing Chart" and include a total cost to 211 LA County along with a cost breakdown for the following sections:

Part 9 shall be entitled "References" and shall provide the following reference information: Provide at least three (3) references from projects of similar scope including company name, contact person, contact phone number, and a brief description of the project performed.

Part 10 shall be entitled "Additional Data" and will contain material and data not specifically requested for evaluation, but which the Proposer wishes to submit.

Part 11 shall be entitled "Exceptions to Agreement" wherein the Proposer shall detail any and all exceptions to proposed Agreement provisions including, but not limited to, any exceptions to conditions or requirements set forth in the Agreement, the Statement of Work, or the RFP.

Part 12 shall be the last page of the proposal and shall include the signature(s) of the person(s) authorized to bind the Proposer to an agreement, and a certification that the prices quoted in the proposal were arrived at independently, without consultation, communication, or agreement with any Proposer or competitor for the purpose of restricting competition.

No Proposer shall stipulate any conditions other than those stated/required by this RFP.

Obligations of 211 LA County

The receipt of proposals by 211 LA County does not obligate 211 LA County in any way.

Proposal warranty

Each Proposer warrants that it has checked its proposal for errors and omissions, that the prices outlined in the proposal are correct and as intended by the Proposer, and that the prices are a complete and correct statement of the costs for performing the work as outlined in their proposal.

Proposal selection and evaluation process

211 LA County reserves the sole right to judge the contents of the proposal submitted by the Proposer in the review, evaluation, and selection of the successful proposal.

All proposals will be evaluated after submission and opening to determine the qualification of each Proposer and proposal. This will be a pass/fail evaluation which focuses on whether the proposal has met the minimum requirements set forth in this RFP. A proposal that does not meet the minimum requirements shall be disqualified.

2. Statement of work

2.1. Description of 211 LA County

211 LA County is dedicated to providing an easy to use, caring, professional source of guidance, advocacy, and 24 hours/7 days per week access to a comprehensive range of human services to the people of Los Angeles County.

In order to accomplish our mission we (1) help people find and effectively utilize human services; (2) collect, classify and disseminate information about health and human services and inquirer needs in ways which optimize the quality and efficiency of the health and human services delivery system; (3) provide leadership, technical assistance, training and support to other I & R providers and direct service agencies; and (4) participate in community-wide planning and service coordination coalitions.

211 LA County is a 501(c)(3) non-profit organization, so include any special non-profit pricing available.

211 LA County operates 24 hours a day, 7 days a week, and 365 days of the year. All penetration tests and vulnerability scans should be performed during non-peak times between 10:00 PM and 8:00 AM in the morning.

Penetration tests and vulnerability scans must not jeopardize the normal operation and/or adversely affect the performance of any 211 LA County system.

Project Objectives

The objective of this project is to provide a comprehensive review of the current status of 211 IT infrastructure, design, and maintenance and security practices; and to deliver a set of clear, concise recommendations on how best to leverage IT infrastructure to meet the needs of 211's mission now and to be flexible for expansion in the future.

Network security assessment

External security assessment

- Perform ping sweep and port scan of external IP addresses
- Perform vulnerability scan of all external IP addresses
- Perform penetration test from the Internet
- Review configuration of gateway firewalls; Ingress and egress ACLs
- VPN including configuration, remote client software, and remote access procedures
- VPN cryptography

Internal security assessment

- Perform ping sweep and port scan of Internal IP addresses from each vlan
- Perform vulnerability scan of all Internal IP addresses from each vlan
- Using a standard user account (issued by 211 LA County), attempt to access restricted files, directories, and systems
- Review server and service configuration
- Review voice call data transmission security
- Review voice call data storage security practices
- Review voice call data accessibility and security security restoration practices encryption

Cloud server environment assessment

- Perform ping sweep and port scan of all externally hosted 211 LA County servers
- Perform vulnerability scan of all externally hosted 211 LA County servers
- Review documentation for accessing off site servers for maintenance

Assess VMware environment

- Perform security assessment on the 211 LA County VMware virtual environments at any applicable location including the virtual hosts and SAN storage systems currently being used
- Document the current VMware architecture, and physical deployment of VMware service onto physical hardware
- Provide documentation for developing and deploying VMs in coordination with 211 IT Manager and Architect

Network Architecture Security Assessment

- Document the network architecture, including service deployments, bare metal connections, hardware hosts, etc.
- Analyze the network architecture for vulnerabilities
- Analyze authentication, authorization and access controls for all systems including Active Directory
- Provide recommendations on scalability, testability, and utility of current Network architecture

Web application security assessment

- Perform security testing from an internal and external source on the hosted Customer Relationship Management (CRM) web based application (LAPP based)
- Analyze the CRM code vulnerabilities

Physical security assessment

Perform a security assessment at the San Gabriel location that includes but is not limited to the following checks:

- Access into the building.
- Access to the server room.
- Access to restricted areas like the accounting and executive offices

Deliverables

Executive report

The executive report will be a brief overview that includes the findings, scope, and overall disposition for IT security of 211 LA County.

Full Report

- Executive summary: a brief overview that includes the findings, scope, and overall disposition for security best practices of 211 LA County
- Network security assessment

Final report will include at minimum the following:

- Overview
- Summary of findings
- Recommendations
- Summary of methodology: detailed accounting of the tools and methods used to perform analysis, scans, and tests
- Comparative analysis: Present an analysis that ranks and compares each individual main item in the SOW 2.3 to that of at least 4 other companies
- Categorized by main SOW items, a detailed breakdown of all findings providing 211 LA County with the information necessary to address areas of concern including a summary of high, medium, and low priority findings. The breakdown should include but is not limited to:
  - System(s) affected
  - Description of vulnerability
  - Risk level
  - Mitigation recommendations and resources

An in-person oral presentation of the above findings will also be required for a discussion session.