The vendor is required to provide network penetration testing consultants, to be registered on the city’s pre-qualified list.
- Planning and conducting external and internal penetration tests covering the perimeter of the cardholder data environment (CDE) and critical systems;
- Identifying and safely exploiting vulnerabilities at the network layer, including testing of firewalls, routers, switches, and associated infrastructure;
- Assessing operating systems and exposed services for known vulnerabilities and misconfigurations;
- Delivering clear, actionable findings reports, including a technical summary of identified risks, prioritized remediation recommendations, and an executive summary for senior leadership;
- Validating the effectiveness of implemented remediations through optional re-testing, where requested by the city;
- Ensuring testing methodologies are consistent with recognized frameworks such as the Open Worldwide Application Security Project (OWASP), NIST SP 800-115, or equivalent; and
- Providing testing personnel with current, relevant certifications and ensuring all reports are signed by qualified staff.
- Contract Period/Term: 3 years
- Questions/Inquiries Deadline: Jun 19, 2025