Pre-proposal Conference

Similar documents
PRE-PROPOSAL CONFERENCE

The information contained in this presentation is for informational purposes only

PRE-PROPOSAL CONFERENCE

RFP No C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST

RFQ No B134 Payment Card Industry (PCI) Scanning Services for the Metropolitan Washington Airports Authority

RFP No C111 Enterprise Business Innovation Technical Services (ebits) for the Metropolitan Washington Airports Authority

UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034

Report to the Business Administration Committee. Recommendation to Award a Fixed Base Operator Contract at Washington Dulles International Airport

--Participates in program reviews and pre-negotiation conferences with technical and management personnel on proposed procurement programs.

DISTRICT OF COLUMBIA SUPERIOR COURT OFFICE OF CONTRACTS AND PROCUREMENT REQUEST FOR PROPOSALS (RFP) FROM GSA FEDERAL SUPPLY SCHEDULE CONTRACTORS FOR

RFP No C037 Automated Passport Control Kiosk Solution for the Metropolitan Washington Airports Authority

Notice: Questions may have been edited for clarity and relevance

Information Security Assessment and Testing Services RFQ # Questions and Answers September 8, 2014

AMENDMENT OF SOLICITATION

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

M E T R O P O L I T A N W A S H I N G T O N A I R P O R T S A U T H O R I T Y

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Payment Card Industry (PCI) Penetration Testing Standard

Goals. Understanding security testing

Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307

STATEMENT OF WORK (SOW) for CYBER VULNERABILITY ASSESSMENT

City of Cotati Sonoma County, California

REQUEST FOR PROPOSAL #R13004 INFORMATION SECURITY PENETRATION ASSESSMENT

Q&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015

Request for Information (RFI) for

Introduction and Background

RFP No C024 Auditing Services for Phase 1 of the Dulles Corridor Metrorail Project for the Metropolitan Washington Airports Authority

REQUEST FOR QUOTE (RFQ)

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

SOLICITATION NO C005 DULLES TOLL ROAD ADMINISTRATION BUILDING HOST COMPUTER REPLACEMENT (NON-PROPRIETARY) QUESTIONS AND RESPONSES

Vendor Questions and Answers

KLAMATH COUNTY, OREGON REQUEST FOR PROPOSAL TO PROVIDE PUBLIC ENTERPRISE ONLINE BACKUP AND DISASTER RECOVERY SERVICES

REQUEST FOR PROPOSAL INFORMATION SECURITY PROGRAM PROVIDER

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

The NOSB Marine Science Program

PROGRAM YEAR Date of Issuance: 10/26/2006

Request for Proposal For Fund Developer

IOWA LOTTERY AUTHORITY BID Security Assessment Services

Request for Proposal (RFP) K3311 Disaster Recovery as a Service (DRaaS)

RFP No C006 Human Resources Management System for the Metropolitan Washington Airports Authority

National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing

Request for Proposals on Security Audit Services

RFP ADDENDUM NO. 1

Information Security Organizations trends are becoming increasingly reliant upon information technology in

FedRAMP Standard Contract Language

REQUEST FOR PROPOSAL FINANCIAL ADVISOR SERVICES FOR COMMUNITY CONSOLIDATED SCHOOL DISTRICT 62

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT

ADDENDUM TO STATE OF MARYLAND PURCHASES ISSUED UNDER STATE CONTRACT NO. 060B

CITY OF MILTON REQUEST FOR PROPOSAL # ITS

Vendor 1 QUESTION CCSF RESPONSE

Scoping Questionnaire for Penetration Testing

Secure Electronic Voting RFP Kit

SCOPING QUESTIONNAIRE FOR PENETRATION TESTING

STATE OF NEW JERSEY IT CIRCULAR

External Supplier Control Requirements

1. Why is the customer having the penetration test performed against their environment?

Trust Digital Best Practices

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

Pre-Proposal Conference. DoIT Cloud Hosting & Web Shared Services. RFP # F50B Conference Room 164 A&B 45 Calvert Street Annapolis, MD 21401

Request for Proposals Tendering and Contract Management Services Housing Prototype

Request for Professional Services Proposals (RFP) MWBE Monitoring System For the St. Louis Development Corporation

Spokane Airport Board (Spokane International Airport, Airport Business Park, Felts Field) Addendum #1 - Q&A

DEPARTMENT OF MENTAL HEALTH/EVIDENCE-BASED SUPPORTED EMPLOYMENT REQUEST FOR PROPOSAL AMENDMENT NUMBER ONE (1) RM-11-RFP-042-BY4-TLW

REQUEST FOR EXPRESSIONS OF INTEREST 4887 EOI NETWORK BACKUP/ ARCHIVING

CITY OF DALLAS. Request for Competitive Sealed Proposal (RFCSP) BUZ1524. For. SCADA Repair, Parts and Support

EA-ISP-012-Network Management Policy

CITY OF LEMOORE REQUEST FOR PROPOSALS FOR CREDIT CARD PROCESSING SERVICE. City of Lemoore Finance Department 119 Fox St Lemoore, CA 93245

211 LA County. Technology Infrastructure Assessment. Request for Proposals. August 2012 Request for Proposals- 211 LA County 1

Request for Proposals. Security Advisory Services for the International Executive Service Corps

REQUEST FOR QUOTATIONS

procedures, disputes, etc. Signs Notice to Proceed, and COTR letters, and other types as applicable. Notifies unsuccessful firms of award decisions.

1. How many user roles are to be tested in Web Application Penetration testing? Provide the approx. no. of input fields in the web application?

Addendum #2 Date: March 10, City of Memphis Network Penetration Services. RFQ # SAIC CoM 2014 RG R Issue Date: January 31, 2014

State of Vermont. Intrusion Detection and Prevention Policy. Date: Approved by: Tom Pelham Policy Number:

Request for Proposal Business & Financial Services Department

City of Woodinville, Washington

Air Conditioning Maintenance Services

Healthcare Security Vulnerabilities. Adam Goslin Chief Operations Officer High Bit Security

High Definition Video Production for the Ontario College of Trades (the College) Request for Proposal (RFP) No. OCOT/CM/

REQUEST FOR EXPRESSIONS OF INTEREST 4643 EOI

Senior Security Analyst

Request for Proposal for Project Server 2013, MS SharePoint 2013 Intranet Development and Mobile Application Development Services

Network Security Audit. Vulnerability Assessment (VA)

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Butler County Policy on Securing of Professional Design Services. Section I: Definitions

Penetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

BID SPECIFICATION PACKAGE

Request for Proposal Posted: March 4, 2015 After Hours Answering Service RFP No

An ICS Whitepaper Choosing the Right Security Assessment

Network Security Policy

Minority and Women Business Enterprises (MBE/WBE) Program

Request for Proposal HIPAA Security Risk and Vulnerability Assessment

City of Bellevue Request for Proposal RFP #15091 Locate Ticket Management Software

SAFEGUARDING YOUR HOMEOWNERS ASSOCIATION AND COMMON AREAS

Request for Quote HIPAA Security Risk Analysis

RFP Call Center Services Final Response to Questions 9/4/15. RFP Text Question Answer

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

Transcription:

Pre-proposal Conference RFP 1-15-C017 Office Of Technology Information Systems And Infrastructure Penetration Test January 08, 2015

Disclaimer The information contained in this presentation is for informational purposes only. In the event of a discrepancy between the information contained herein and the RFP documents, the RFP documents will take precedence.

Introductions Office of Technology Kevin James Balaji Karuppiah Al Howard Tom Peifer (COTR) Procurement and Contract Department Cedric Kinlow Shay King

Summary of Solicitation Performance Period: Up to 365 days from the effective date of the contract Anticipated award/start date: March 10, 2015 This will be a Firm Fixed Price (FFP) contract All work will be performed at the Airports Authority s place of business: Ronald Reagan Washington National Airport (DCA) Washington Dulles International Airport (IAD) Dulles Toll Road (DTR) Terms and Conditions of the Solicitation are not negotiable in any material way

Summary of Solicitation This is a Best Value procurement process. Award will be made on a best value basis. The technical merit of the proposal is significantly more important than the price, and price must be fair, reasonable and affordable. May select other than the lowest price proposal if it is determined that the proposal is most advantageous. Price becomes more important as proposals become more technically equivalent. Price evaluation will be based on the fully loaded fixed rates of the base period. Price proposals will be assessed for affordability. The Authority will not make an award for any proposal which proposes prices that would render the procurement infeasible.

Proposal Requirements Proposals are due on January 27, 2015 by 2:00 PM local time at the address indicated on the solicitation. Refer to Section X, Attachments 02, Evaluation Criteria. 02 General Evaluation Criteria and Proposal Submission Requirements

Proposal Submissions Part 1 Representation Package Submit an original and one (1) copy of the following documents: Solicitation Offer and Award Page, Section I Representations and Certifications, Section IV Special Provisions, Use of Contract by Other Jurisdictions, Section VI * Failure to extend a contract to any participating Jurisdiction will have no effect on consideration of proposals LDBE Certification Exhibits as applicable: Exhibit A, Voluntary Efforts to Obtain MBE/WBE Participation

Proposal Submissions Part 2 Price Proposal Submit an original and one (1) copy of the following documents: Price Schedule, Section III Contract Participation Form, Exhibit D,

Technical Proposal Submissions Part 3A 3E Submit an original and Four (4) copies of the Proposal a. Do not include any reference to price. b. Submit on typewritten 8 ½ x 11 plain white paper. c.. Number all pages d. Assemble in a three ring binder or staple. No other binding methods are acceptable. e. Do not exceed twenty-five (25), double-spaced, single sided pages. Exhibits and samples of previous work are not included in the 25-page limit. Address the evaluation criteria in the order they are presented

Evaluation Criteria Criterion 1: Experience, Qualifications and Past Performance of the Firm MWAA will evaluate the past performance of current and previous contracts over the past Three (3) years in accordance with the SOW. Criterion 2: Technical/Quality Control/Management Approach The proposal shall demonstrate an understanding of the technical capabilities in accordance with the SOW. Criterion 3: Key Personnel Experience and Qualifications Proposed key personnel s experience involved in performance of projects included in the firm s references in accordance with the SOW.

Scope of Services The Authority seeks a Qualified Contractor(s) to conduct a Penetration test (Pen Test) to identify and remedy security vulnerabilities found on MWAA s computer system, network and/or Web applications. Contractor to ensure that appropriate system controls and reasonable protections are in place to minimize security threats that may exist regarding MWAA s information systems and infrastructure. TASK OBJECTIVES External Network Penetration Testing: The Contractor shall test approximately 900 public registered IP addresses (92 assigned/in use). The Contractor shall conduct external penetration testing activities to simulate/assess attack vectors from remote users with no previous knowledge of the Airports Authority network. Internal Network Testing: The Contractor shall conduct testing of primary network approximately 4000 IP addresses. The Contractor shall conduct penetration testing activities on the Airports Authority internal network as a non-authorized user to simulate/assess attack vectors on the Authority s network from a user with physical access to Authority s infrastructure. Wireless Penetration Testing: The Contractor shall conduct a wireless penetration test focusing on enumerating and verifying potential attack vectors and threats to the Authority s operating environment. This shall include access point discovery, wireless access penetration testing, and may include (but is not limited to), exploiting weak encryption protocols, identifying open wireless access points, default configurations, and analysis of the segmentation between employee and guest wireless networks. Web Application Penetration Testing: The Contractor will conduct test of web applications approximately 10 sites. The Contractor will perform a web applications penetration test to validate and verify the Airports Authority application security controls for weaknesses, technical flaws, or vulnerabilities.

On-Line Resources The Pre-Proposal Conference Attendees List and this presentation will be posted to the Airports Authority website, http://www.mwaa.com/7607.htm All questions concerning this solicitation must be submitted by 3:00 PM, January 13, 2015 via the Airports Authority's website Answers to all questions received will be posted on-line, and all registered Plan Holders will be notified

QUESTIONS

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information