Under this engagement, the selected bidder shall perform the following services: Comprehensive Mainframe Security Assessment: Conduct a complete evaluation of the mainframe environment, including hardware, software, and operating systems. Assess security controls, policies, and procedures. Identify and document existing vulnerabilities and weaknesses. Provide recommendations for improving overall mainframe security posture. Mainframe Penetration Testing: Perform a comprehensive penetration test of the mainframe environment. Simulate attacks to identify exploitable vulnerabilities. Assess the impact of successful attacks. Provide detailed reports on findings and recommendations. Re-test to address any findings. Vulnerability Management: Assist in developing a vulnerability management program. Provide recommendations for vulnerability prioritization and remediation. Separate cost breakdown for the following three (3) services: Comprehensive Mainframe Security Assessment, Mainframe Penetration Testing, and Vulnerability Management. Required Deliverables: Detailed project plan outlining the scope, timeline, and resources required. Comprehensive security assessment report. Penetration testing report, including findings, recommendations, and evidence of vulnerabilities Remediation plan outlining steps to address identified vulnerabilities as well as any interim mitigation steps Executive summary of findings and recommendations. Vendor Qualifications: Demonstrated experience in mainframe security assessments and penetration testing. Certifications in relevant security domains (e.g., CISSP, CISA, CISM). Preference for IBM Mainframe Security Administrator Level 1 or Level 2 certification. Proven track record of successful engagements with similar clients. Ability to adhere to strict confidentiality and compliance requirements. Proposals must be submitted in Commbuys by RFQ Response Due Date in Event Calendar above and should include the following information: Company profile and relevant experience. Proposed project methodology and timeline with a target completion date no later than July 8, 2025 Detailed pricing for the proposed services. References from previous clients. The Commonwealth reserves the right to contract with the selected Bidder for additional, related services following the completion of the initial engagement.
