Secure Electronic Voting RFP Kit



Similar documents
UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034

Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307

REQUEST FOR PROPOSAL: A NEW AUDITING SOLUTION FOR WINDOWS FILE AND DATABASE SERVERS

REQUEST FOR PROPOSAL windows,sliding glass door repair and replacement contractors

MASTER SERVICES AGREEMENT - DIGITAL ADVERTISING SERVICES

Request for Proposal 911- SUPPLEMENTAL ALI DATABASE MANAGEMENT SERVICES AND SUPPORT

Penetration Testing. Request for Proposal

Introduction and Background

MU2E PROCUREMENT MANAGEMENT PLAN

REQUEST FOR PROPOSAL

ASPIRUS HEALTH SYSTEM

ATTACHMENT A. Ozarks Technical Community College Pre-Established Criteria for Construction Management and Design Build Construction Projects

Penobscot County IT Department Technology Modernization: Server and Storage Virtualization

Request for Proposal NORTEL TELEPHONE SYSTEM MAINTENANCE SERVICES. Luzerne County Information Technology Department LUZERNE COUNTY PENNSYLVANIA

Open Source CMS Website Migration

CORPORATION FOR PUBLIC BROADCASTING Request for Proposals Moderated Online Focus Groups and Data Analysis

REQUEST FOR EXPRESSIONS OF INTEREST 4887 EOI NETWORK BACKUP/ ARCHIVING

MODEL REQUEST FOR PROPOSALS (RFP) TEMPLATE Generalized for professional services.

PART 252 SERVICE-DISABLED VETERAN-OWNED-BUSINESS ENTERPRISE PROGRAM. (Statutory authority: Executive Law, 200, 369-i[5])

Contracting for Services

High Definition Video Production for the Ontario College of Trades (the College) Request for Proposal (RFP) No. OCOT/CM/

CITY OF LOCKPORT ELECTRIC AGGREGATION PROGRAM PLAN OF OPERATION AND GOVERNANCE. Background

Request for Proposal MAINTENANCE SERVICES FOR NEC TELEPHONE SYSTEMS. Luzerne County Information Technology Department LUZERNE COUNTY PENNSYLVANIA

Request for Proposal Permitting Software

DGS (VCCS Rev. 04/15) Page 1 of 7 REQUEST FOR PROPOSALS

Vermont Energy Investment Corporation (VEIC), a nonprofit organization, requests proposals for Website Content Strategy for Efficiency Vermont.

Request for Proposals Human Resources Services

UNO CHARTER SCHOOL NETWORK ( UNO-CSN ) Invitation for Bids ( IFB ) for ELECTRICAL UPGRADES

SPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY

REQUEST FOR PROPOSALS. 403(b) Retirement Plan Investment Analysis and Consulting. July 2012

Cleveland County Emergency Medical Services. PO Box Shelby, NC Request for Proposal. For. Debt Collection Agency Services

REQUEST FOR PROPOSAL

City of Pittsburgh, PA - Request For Proposals and procurement Process

Procedures for Tenders and Contracts. October Huon Valley Council Procedures for Tenders and Contracts October 2014 Page 1 of 14

APPALCART REQUEST FOR PROPOSAL

CORPORATION FOR PUBLIC BROADCASTING Request for Proposals Community Service Grants Business Process Analysis

REQUEST FOR PROPOSALS FOR LANDSCAPE ARCHITECTURAL SERVICES TOWN OF AVON, CONNECTICUT

REQUEST FOR PROPOSALS Print/Mail/Postage Services

CITY OF SAN JOSE REQUEST FOR.QUALIFICATIONS (RFQ) EVALUATOR (ATTORNEY) AND INVESTIGATOR- SAN JOSE ELECTIONS COMMISSION

REQUEST FOR PROPOSALS BOND COUNSEL SERVICES FOR AFFORDABLE HOUSING RFP # Santa Ana Housing Authority

Unified School District No. 489 Request For Proposals

STATE OF WEST VIRGINIA BOARD OF RISK AND INSURANCE MANAGEMENT REQUEST FOR PROPOSAL RFP#

Video Production Services for the Ontario College of Trades (the College)

Request for Proposals: Online Course Development

NEWBURGH ENLARGED CITY SCHOOL DISTRIST NEWBURGH, NEW YORK REQUEST FOR PROPOSAL ARCHITECTURE SERVICES

CLOSING LOCATION Island Hwy Nanaimo BC, V9T 6N4

CITY OF CHILLICOTHE REQUEST FOR PROPOSALS

REQUEST FOR PROPOSALS FOR FINANCIAL ADVISORY SERVICES

First 5 Trinity County Request for Proposal Website Design for First 5 Trinity County Complete Bids are Due October 2, 2015 at 5:00 p.m.

FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSTY. Request for Quote for Performance of Security Risk Assessment

P A G E C O U N T Y V I R G I N I A

Business Intelligence Data Analyst

Best-Value Procurement Manual. MnDOT Office of Construction and Innovative Contracting (OCIC)

Request for Proposal Enterprise Information Technology Security Assessment

UAC (As of April 1, 2015) Printed: April 4, 2015 Page 1

REQUEST FOR PROPOSAL INFORMATION SECURITY PROGRAM PROVIDER

Senior Security Analyst

TAHOE REGIONAL PLANNING AGENCY REQUEST FOR PROPOSAL FOR SOFTWARE CONSULTANT

LEARNING MANAGEMENT SYSTEMS (LMS) MASTER AGREEMENTS #90936 ORIENTATION MAY 17, 2012

FORT PIERCE UTILITIES AUTHORITY Committed to Quality

RE: REQUEST FOR PROPOSAL RFP FLEET MANAGEMENT CONSULTING SERVICES

NEGAUNEE PUBLIC SCHOOLS. REQUEST for PROPOSALS ENERGY SAVING CAPITAL IMPROVEMENT PROJECTS. On a PERFORMANCE CONTRACTING BASIS

Office of Purchasing/Contracting*324 W. Evans Street*Florence, South Carolina 29501

Request for Proposal Business & Financial Services Department

City of New Rochelle New York. REQUEST FOR PROPOSAL Specification No. 5044

TOWN OF WEST NEW YORK REQUEST FOR QUALIFICATIONS LEGAL SERVICES WORKER S COMPENSATION ATTORNEY. Qualification Period January 1, 2014 December 31, 2014

Corporation for Public Broadcasting Travel Management Services Request for Proposals Due: September 21, 2015 at 5 p.m. EST

E-Newsletter and Marketing Solution Request for Proposal. Scope of Work

Amendment 3: HRIS/Payroll only

UCLA HEALTH REQUEST FOR PROPOSAL HEALTHCARE RETAIL STRATEGY RFP NUMBER 8021 DATE ISSUED: JUNE 1, 2015

REQUEST FOR PROPOSAL FOR ARCHITECTURAL DESIGN SERVICES. The Battery Conservancy

TABLE OF CONTENTS. Prefacej... 1

TOWN OF LINCOLN INVITATION TO BID EMERGENCY PLANNING, DISASTER RECOVERY AND HAZARD MITIGATION GRANT PROGRAM SERVICES RFP #

QSP INFORMATION AT A GLANCE

Solicitation Information February 26, 2016

REQUEST FOR PROPOSAL FOR INSURANCE AGENT/BROKER AGENT OF RECORD

Request for Proposals (RFP) Strategic Education Consulting Services December 2012 FILING DEADLINE: DECEMBER 21, 2012 (5 P.M. EST)

Lawrence Livermore National Laboratory

REQUEST FOR QUALIFICATIONS

REQUEST FOR PROPOSALS. On-Call HVAC Contractor Services GFN 1661

Request for Proposal Insurance Broker Agent of Record

Time Warner Cable Inc. Audit Committee Charter. Effective February 14, 2013

END USER LICENSE AGREEMENT ( EULA )

PIERCE COUNTY LIBRARY SYSTEM. REQUEST FOR PROPOSAL (RFP) for. Telephone Service (Analog Phone Service)

COUNTY OF TANEY, MISSOURI

Issue Date: March 4, Proposal Due Date: Tuesday, March 18, 2014 by 11:00 AM Mountain Time to:

LOS ANGELES COUNTY EMPLOYEES RETIREMENT ASSOCIATION REQUEST FOR PROPOSAL JULY 10, 2014

Request for Proposal For: CQ5 Java Developer. ABA Information Systems April 11, Table of Contents

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing

Request for Proposal Posted: March 4, 2015 After Hours Answering Service RFP No

Request for Proposals

8.OFFER DUE DATE: 2:00pm September 18, PAYMENT DISCOUNT TERMS

Bid closing date December 21, 2013

City of Kenmore, Washington

Construction Performance Bond. THIS CONSTRUCTION PERFORMANCE BOND ( Bond ) is dated, is in the penal sum of. Sample Preview CONTRACTOR: Address

Request for Proposal (RFP) K3311 Disaster Recovery as a Service (DRaaS)

Purchases from $750 $1,500 requires 3 Verbal Quotes. Purchases from $1,501 $24,999 requires 3 Written Quotes

Key Information Summary Sheet. Temporary Agency Document Management Staffing Services. Invitation for Bids No

PIERCE COUNTY LIBRARY SYSTEM. REQUEST FOR PROPOSAL (RFP) for PRINT MANAGEMENT SYSTEM FOR PUBLIC COMPUTERS

RESIDENTIAL REAL ESTATE AGENT SERVICES FOR NEIGHBORHOOD STABILIZATION PROGRAM

Transcription:

Secure Electronic Voting RFP Kit The purpose of this document is to assist election officials in jurisdictions with DRE voting systems in identifying and selecting qualified independent security experts to perform a security assessment of those systems. The following guidelines are provided for officials to consider: Qualifications: Few studies of voting machine security have been conducted to date. Thus, direct experience is not necessary. However, prospective Vendors should be able to demonstrate a track record of more than five years of design analysis, code reviews, and penetration testing for highly demanding environments such as major financial institutions or intelligence agencies. References: In all likelihood, the marketing pitches made in responses to the RFP will look and sound alike. Take the time to speak with references at length. Ask them about the prospective Vendor s methodology, openness of communications, quality of findings, and clarity and usefulness of the report(s) prepared. Make sure the references are from institutions with demanding security requirements. Price: Quality security assessments are relatively expensive this is custom work and few people have the necessary expertise. It is standard to pay about 10% of the overall project costs for direct security costs, though for voting systems work that percentage is likely to be lower than in the private sector. Independence: Look for firms that are independent of hardware and software vendors and from the policy debates over these issues. Too often, firms with product ties recommend the use of their products where alternative solutions would better serve your needs. Once written into recommendations, it will take extra work on your part to justify why you are not following the expert s product recommendations. Timing and Communication: Rather than simply send the RFP to a large number of unknown Vendors, it is preferable to conduct research to identify well-qualified firms to target in conjunction with the RFP process. Experience shows that these discussions will help refine your expectations of the actual project and will allow officials to expedite the Vendor selection process. These discussions will also ensure that the prospective Vendors understand the scope of work and any state-specific requirements and, more importantly, enable your team to assess the responsiveness and qualifications of the Vendors in ways that written RFP responses alone cannot. 1

RFP Template Purpose of RFP The purpose of this RFP is to enable [contracting jurisdiction] to procure the services of a highly qualified independent consulting firm to conduct a security assessment of [contracting jurisdiction] s electronic voting systems and make recommendations to remedy any deficiencies that are found. Confidentiality The terms of this RFP and all other information provided to the Applicant in connection with the RFP or otherwise in connection with this Vendor selection process are to be treated by the Applicant as strictly confidential and proprietary. Such materials are to be used by the Applicant solely for the purpose of responding to the RFP. Access shall not be granted to third parties except upon prior written consent and upon the written agreement of the intended recipient to treat the same as confidential. We may request at any time that any materials be returned or destroyed at the [contracting jurisdiction] s election. Responses to this RFP will be deemed public information and should not contain proprietary or sensitive information. Administration Technical Contact Any questions concerning technical specifications or Statement of Work (SOW) requirements must be directed to: Name: Address: Phone(s): Fax: Email: Alternate: (include name, phone number, and email address) Contractual Contact Any questions regarding contractual terms and conditions or proposal format must be directed to: Due Dates Name: Address: Phone(s): Fax: Email: Alternate: (include name, phone number, and email address) A written confirmation of the Applicant s intent to respond to this RFP, sent to the Contractual Contact shown above must be received by [Date]. This must be sent in hard copy via U.S. Mail (unless other means of transmission have been specifically and previously agreed to). All proposals are due by Time and Date. Any proposal received at the designated location after the deadline specified for receipt shall be considered late and non-responsive. Late proposals may be evaluated at the discretion of [contracting jurisdiction]. Proposals must be sent in hard copy via U.S. Mail (unless other means of transmission have been specifically and previously agreed to). 2

Costs All costs Applicants may incur in preparation of an RFP response are Applicant s sole responsibility. Contract Award Award of the contract(s) resulting from this RFP will depend upon which Applicant s proposal is determined to be the most advantageous and responsive to this RFP in terms of cost, functionality and other factors listed below. [Contracting jurisdiction] reserves the right to: Reject any or all offers and discontinue this RFP process without obligation or liability to any Applicant Accept other than the lowest priced offer Award a contract on the basis of initial offers received, without discussions or requests for best and final offers Award more than one contract Schedule Event RFP Distribution to Vendors Written Confirmation of Intention to Bid Bidder teleconference Q&A Proposal Due Date Vendor Selection Date Anticipated Commencement of Work Date X X + 1 week X + 2 weeks X + 2 weeks X + 4 weeks X + 6 weeks Requested Services Examine and critique the [contracting jurisdiction] s standards governing electronic voting for consistency with relevant NIST and FEC standards and guidelines. Conduct a review of publicly available information about known vulnerabilities in the voting machines used by [contracting jurisdiction]. Conduct a limited review of the source code of each type of voting machine (make, model, software revision level) to determine if the programming is reasonably resistant to relevant threats and risks of malfunction. Conduct a limited hands-on evaluation of the voting system (aka Red Team exercise) to assess its resistance to compromise and malfunctions. Review and critique procedures used for handling electronic voting systems and data during election preparation, voting, reporting, and after polling. Document all findings, conclusions, and recommendations in a comprehensive, customized report. Assist [contracting jurisdiction], upon request, in overseeing the remediation of any problems found during the assessment. 3

Guidelines for Proposal Preparation Applicant s proposal submitted in response to this RFP will be incorporated into the final agreement between [contracting jurisdiction] and the selected Vendor. Submitted proposals should include each of the following sections: Executive Summary Firm Background and Qualifications (including but not limited to) - Relevant experience? - Ownership - Number of years in business? - Number of employees and contractors? - Merger and acquisition history - United States entity? - Percentage of sales or work revenue related to this type of consulting - List of clients Approach and Methodology Project Management Project Communications Description of Analysis and Deliverables Methodologies Proposed Project Team including resumes Employee security certifications and clearances Project timing and fees Legal terms & conditions Financial Statements Certificate of Insurance Vendor contact information 3 references at a minimum Description of Electronic Voting System [Insert brief description of electronic voting system including details about the jurisdiction (geographic extent, political subdivisions, number of polling places), the types of machines, the number of systems, architecture, and controls. This description should be sufficient to enable prospective Vendors to scope the work.] Evaluation Factors for Award Any award to be made pursuant to this RFP will be based upon the proposal with appropriate consideration given to operational, technical, cost, and management requirements. Evaluation of proposals will be based principally, though not exclusively, upon the Applicant s responsiveness to the RFP and the total price quoted for all items covered by the RFP. The following will be the primary considerations in evaluating the responsiveness of each submitted proposal: Comprehensiveness and clarity of proposal. The extent to which Applicant s proposed services would fulfill [contracting jurisdiction] s requirements as set forth in this RFP. An assessment of the Applicant's ability to deliver the indicated services in a professional and timely manner, including the Applicant s stability, experience, and record of past performance in delivering similar services. 4

Availability of high-quality personnel within Applicant s employ with the required skills and experience to perform the proposed services. Applicant s acceptance of [contracting jurisdiction] s contractual terms and conditions, if applicable. Overall cost of Applicant s proposal. Responses from references. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information