Specifications include, but are not limited to: City of Rockville is seeking a qualified firm to provide security assessment services. City is undertaking a review of its entire City Infrastructure to improve and enhance security of the organization. City of Rockville would like to review and assess the following areas: Internet security, including vulnerability scanning and more sophisticated by-hand penetration testing. Wireless security, including advanced capabilities for testing the security of wireless infrastructure, network cryptographic protections, and the security of endpoint systems Internal network security and architecture, including network discovery, vulnerability scanning, penetration testing and the mapping of complex trust relationships between system. Business partner connectivity security, including reviews of the systems and controls that protect customers from harm resulting from security incidents on business partner networks, and vice-versa Custom software security, including architectural analysis and code review in a wide variety of languages, with a focus on eCommerce development practices Policy and procedure reviews, including both standards-based gap analysis and (where appropriate) the creation of custom security framework documentation based on NIST special publication 800-53. Social engineering testing, including the creation of custom phishing scams, telephone-based attacks, and in some cases physical intrusion Physical security control reviews, including physical access to City of Rockville property Threat and incident response reviews, including the threat that will be potential harm to City of Rockville, gathering and analysis threats. Standards adherence review, including standardize the process and procedure, IT security workforce, security training across City of Rockville. Configuration review, including review the configuration of all the platforms within City of Rockville systems and make best practices recommendations. Roadmap review, including CIS/SAN Top 20 Critical Security Control, NIST CyberSecurity Framework, 3-5 years IT security strategic security plan and identifying both comprehensive solutions and sensible next steps.
