Specifications include, but are not limited to: a) Leveraging the National Institute of Standards and Technology (NIST) cybersecurity framework to assess the maturity level of the UC cybersecurity environment.; b) External infrastructure assessment with a vulnerability scan that reviews internal and external activity to identify: 1. Intelligence information that an attacker could leverage against the county.; 2. Identify open ports/services associated with security vulnerabilities.; 3. Goal: is to determine if an outside attacker can gain access to UC assets remotely (over the internet) and whether UC IT can detect such activity.; c) Internal vulnerability and penetration testing 1. Network infrastructure devices (include but not limited to routers, switches, firewalls, etc.); 2. Servers; 3. Endpoints (desktops, laptops, mobile, printers); 4. VOIP equipment (though we will be replacing in 2022); 5. Printers; 6. Security cameras; 7. Remote access capabilities; 8. Cloud access and directory services; 9. Third party connections; 10. WAN/MAN connections to UC sites
