Solicitation #2309-004 - Cybersecurity Assessment

Solicitation contact:Please log in to view Solicitation contact information Issuing agency:Midpeninsula Regional Open Space District, CASee other Solicitations by this agency Issuing department:Information Systems & TechnologySee other Solicitations by this department Description: Midpeninsula Regional Open Space District (Midpen) seeks a qualified security consultant vendor to conduct a cybersecurity assessment and penetration testing for Midpen’s IT infrastructure and physical security controls. The goal of this RFP is to identify a vendor with proven expertise in cybersecurity assessments and penetration testing to assess Midpen’s current security posture, identify vulnerabilities and recommend appropriate measures to mitigate risks. The District’s budget for the project (Phases I-III) is $49,500. The following is a tentative schedule that is subject to change. 10/13/2023: Deadline to receive Proposals. 10/27/2023: Selection committee ranks proposers 11/8/2023: Interviews and

presentations with selected firms 11/17/2023: Select top-ranked firm and begin negotiations towards development agreement The selected vendor will be expected to perform the following services by June 28th 2024: Phase I: Conduct an assessment to identify potential vulnerabilities and weaknesses in the District’s IT infrastructure, which include network devices, servers, applications, endpoints, and databases using NIST Framework. Phase II: Perform external and internal penetration testing for both Midpen’s IT infrastructure and physical building security to simulate real-world attacks and evaluate the effectiveness of existing security controls. The penetration test should include open-source intelligence gathering as well as social engineering techniques that an attacker could leverage in further attacks against Midpen. Phase III: Develop an implementation plan that provides prioritized recommendations to mitigate found vulnerabilities and weaknesses. Added on Oct 6, 2023:Attention! The schedule has been extended. Please see below for the new schedule: 10/17/2023: Q&A Deadline 10/20/2023: Deadline to receive Proposals 11/03/2023: Selection committee ranks proposers 11/15/2023: Interviews and presentations with selected firms 11/27/2023: Select top-ranked firm and begin negotiations towards development agreement To also clarify, t he District’s budget for the project (Phases I-III) is $50,000. Please also see recent uploaded attachments, RFP Questions and Answers and RFP Questions and Answers Part 2 for questions and answers.