
Approved Scanning Vendor


Location
New Hampshire
Publication Date
11/04/2019 08:41 AM EST
Closing Date
02/21/2020 02:00 PM EST
Issuing Organization
State of New Hampshire - Department of Administrative Services
Solicitation Number
Description

Specifications include, but are not limited to: Vendor shall provide Approved Scanning Vendor (ASV) services available to all State Agencies to conduct external vulnerability scanning in compliance with the current version of the PCI DSS Requirement 11.2.2. The ASV Vendor must be identified on the Payment Card Industry (PCI) Data Security Standards (DSS) ASV List and in good standing. If the Vendor is ever removed from the list or put on remediation status, it must inform the State immediately. The Vendor must adhere to professional and business ethics, perform its duties with objectivity, and limit sources of influence that might compromise its independent judgment in performing PCI scanning services. The ASV Company must possess information security/vulnerability scanning assessment experience similar to the PCI scanning services and have a dedicated security practice that includes staff with specific job functions that support the information security/vulnerability scanning practice. The Vendor at all times must have at least two (2) ASV employees performing or managing PCI scanning services and these employees must be qualified by the PCI Security Standards Council (SSC). The Vendor must maintain the privacy and confidentiality of the information it obtains in the course of performing its duties and obligations as an ASV Company. The Vendor cannot be the State’s current Qualified Security Assessor (QSA).
The Vendor shall perform monthly external scanning as follows:
• Automatically scan the list of external IP addresses and/or domains for known vulnerabilities and configuration issues;
• Provide an executive and technical compliance report;
• Provide a detailed findings report that shall include compliance status, prioritized vulnerabilities, policy weaknesses, and remediation recommendations;
• Provide a secure web portal that allows each agency to review its findings and reports as well as consolidate all agency scans at a State level;
• Provide the ability for the State to download all detailed findings in a CSV or Excel spreadsheet format to use for internal remediation efforts. Each individual finding shall be listed in its own row; and
• Provide all DAS and DAS-designated staff the ability to set up and modify scan schedules and to set up, modify, and disable users.
