Specifications include, but are not limited to: Vendor shall supply all labor, tools, transportation, materials, equipment and permits as necessary and required to perform services as described herein. Vendor shall provide Security Compliance, Penetration Testing, and remediation services available to all State Agencies. The resulting contract shall be used mainly for PCI-DSS penetration and segmentation testing and not necessarily for any regulatory obligations. All testing shall target social engineering tests tailored to the specific risk situations and compliance considerations of the State. The State requires that all testing be done from within the United States; access will not be provided to foreign IP addresses. The penetration tester(s) assigned to conduct the testing shall be located within the United States. All testing is typically performed remotely; however, agencies with internal Cardholder Data Environments (CDE) have been tested onsite from one location. Agencies shall submit a pre-engagement checklist to the Vendor. Before testing can begin, the Vendor and the State shall hold a pre-engagement meeting and agree upon the types of testing (i.e., internal, external, application-layer or network-layer) to be performed, how testing will be performed, and what the testing will target. The Vendor shall provide a testing questionnaire and test-authorization form to be completed.
The pre-engagement checklist and meeting shall clearly identify, including but not limited to, the following:
• Whether the services are for a PCI or non-PCI security engagement;
• What is in scope, both internally and externally;
• Details about any devices in scope;
• Products and versions of any cybersecurity technologies and vulnerability management tools in scope;
• IP information in scope;
• Infrastructure information in scope, as the State has a combination of hosted and on-premises environments for its production environments;
• Information about security assessments performed on a routine basis by independent third parties or their federal counterparts, if applicable and available;