Network Penetration and Compromise Assessment Services

The vendor is required to provide network penetration and a comprehensive compromise assessment for OUR IT infrastructure.
- This Assessment will identify potential vulnerabilities, security gaps, and any evidence of existing compromise across our network.
- A network penetration and vulnerability assessment:
•    Provide security penetration test to 10 external facing servers. 
•    Provide security penetration test to 150 internal networked devices. 
•    Provide security penetration test up to 5 wireless access devices. 
•    Provide a comprehensive compromise assessment for our IT infrastructure. 
•    This assessment will identify potential vulnerabilities, security gaps, and any evidence of existing compromise across our network.
o    Vulnerability scanning of the 1550 endpoints (1400 VDI clients, 100 servers, 50 network devices).
•    PROVIDE security report and solutions to remedy problems identified during testing. 
•    Identify and suggest solutions against vulnerabilities relating to a distributed denial of service (DDOS) attack, including but not limited to domain name system (DNS) distributed denial of service (DDOS) attacks, web-bot attacks and network time protocol (NTP) attacks. 
•    Remediation and rescan: agency will implement the recommended remediation actions based on the preliminary report. 
•    The vendor will then conduct a follow-up rescan of the affected systems to verify the effectiveness of the remediation efforts. 
•    Rescan of systems before June 30, 2026 when project is expected to be completed. 
•    Provide 30 hours of professional service for system hardening and security remediations.
•    Testing coordination: all testing activities, including vulnerability scanning, must be coordinated with the agency internal its team in advance to avoid disruption to critical systems.

- Contract Period/Term: 1 year
- Questions/Inquires Deadline: October 8, 2025