1. Service Area 1: IT Audits and Assessments a. Network Penetration Testing With predefined set of conditions provided by the City department(s), Contractor shall perform cybersecurity testing to determine whether weak or misconfigured network and system component’s vulnerabilities can be exploited to compromise data, and other computing environment resources. Scope of work will include completing a cybersecurity vulnerability and penetration test assessment. The following are deemed within the scope of this effort: i. With Controller and City department(s) agreement, this may include any other interconnected networks. ii. All internally facing systems owned by City department(s), and assessing whether an attacker can exploit vulnerabilities and gain access to the department’s assets, critical data, and internal operations. If any of the department’s systems are hosted by third parties, Contractor will require written approval from the appropriate third party to test systems for the department. iii. All nodes connected to the city department(s) networks including but not limited to laptops, workstations, servers, routers, switches and firewalls. iv. Combined count for the above bullet items may vary depending on the computing environment. However, Proposers are expected to include a provision in the Proposal for addressing overage and Controller will negotiate with the successful Proposer. v. Contractor’s assessment, including but not limited to technical findings and remediation recommendations, must be easily loaded into and/or integrated with the city department’s Governance, Risk, and Compliance (GRC) tool(s), such as LogicGate...
