Specifications include, but are not limited to: The vendor shall assess the UTA wireless infrastructure security posture to provide a detailed analysis of any identified wireless infrastructure vulnerabilities, gaps in IT wireless security governance, current wireless network security capabilities, and any potential wireless infrastructure security incidents. The Assessment and reporting will follow the NIST 800-53 MODERATE security controls. The Assessment will consist of external and internal wireless infrastructure within, on, or controlled by UTA, and shall consider, at a minimum, the following to be within the scope of work: Identification of wireless infrastructure and vulnerabilities. The Assessment will be limited to publicly accessible wireless infrastructure residing in UTA network segments deemed part of the DMZ. It includes underlying wireless management, out-of-band zones, and segments, providing network communications and services to publicly accessible systems. The private addresses will also be in scope, but access will be through other means. UTA will provide network segments in scope for this Assessment upon award of the Assessment. Conduct vulnerability scanning of UTA wireless infrastructure components. Scans must be after regular business hours (7:00 AM - 5:00 PM) or as directed by UTA’s POC. The UTA IT Team will coordinate scan activity with the vendor before initiating. Conduct penetration testing for publicly accessible wireless infrastructure when initial vulnerability scanning identifies potential high-impact vulnerabilities. UTA and the Vendor will select the Wireless Systems for penetration testing during the security assessment engagement. In the event Penetration testing gains access to a system, the testing should assess the ability of the attacker to leverage the system for access to other systems and networks. Develop an inventory of all UTA wireless infrastructure hardware and firmware. Gap Identification in IT wireless security governance - Make recommendations on the UTA incident management plan. Current vulnerabilities - Recommend best practices to better secure UTA wireless infrastructure. Review existing wireless security systems and components, firewalls, and network monitoring. The vendor will assess current wireless security capabilities and their ability to identify, alert, and potentially stop cyber-attacks, data loss, and misuse of IT resources. These network security resources include firewalls, Intrusion Prevention Systems (IPS), and third-party monitoring systems.
