MODIFICATION
D -- Network Penetration Test
- Notice Date
- 8/27/2016
- Notice Type
- Modification/Amendment
- NAICS
- 541512 — Computer Systems Design Services
- Contracting Office
- International Boundary and Water Commission, Acquisition Division, Acquisition Division, 4171 North Mesa, Suite C-100, El Paso, Texas, 79902, United States
- ZIP Code
- 79902
- Solicitation Number
- 6309r1221014
- Point of Contact
- Angelica Baca,
- E-Mail Address
- angelica.baca@ibwc.gov
- Small Business Set-Aside
- Total Small Business
- Description
- Q&A 8/27/16

  1. The updated SOW now states "(Exploitation)" for Phase I in the phishing campaign. Does that mean Exploitation is in scope for the phishing campaign? If so, what would constitute exploitation?
     Exploitation is in scope for the phishing campaign. IBWC will provide a list of email addresses we would like to exploit. These attacks should be email based and should model phishing attacks seen in the real world. The test should also include a click analysis report to determine which employees interacted with the malicious email (open the email, click on a link, open an attachment, etc.).

  2. Is the bid type FFP or T&M?
     FFP

  3. Where is the physical location of the networks to be tested and the people to be interviewed?
     The datacenter and personnel are both located in El Paso, TX (IBWC Headquarters).

  4. Looking at the tasks, two phases are listed, but in section V Requirements there is a task at the end which reads "User Awareness Phishing campaign 60 days after Phase I & II findings are finalized and agency has a window to make corrections to the systems". Do you require someone to rerun the phishing test in January (60 days after the Nov 18th end time) or is that training, or what? If so, when will be the final billing? Should that then be treated as a third phase or should it be included in the price of phase 1 and understood it will be completed as requested?
     Disregard where it states "User Awareness Phishing campaign 60 days after." We consolidated Phase III into Phase I. Completion of Phase I and II is the final scope.

  5. Do the '181 controls' referenced in the beginning of Phase II in the Statement of Work refer to the security measures outlined in the ST&E document / Network_test_results.docx?
     Yes, you're correct. The ST&E document are the 181 controls.

  6. The SOW also references control details in 'Appendix A', which does not seem to be attached to SOW or online solicitation. Can you kindly provide us with this attachment?
     Appendix A should be the list of 181 controls. Please see the attachment.

  7. Is there a prohibition on beginning to work on Phase II in parallel during Phase I?
     There is no prohibition.

  8. The following questions refer to the Statement of Work's description of the wireless network assessment:
     a. Are all of the devices in the same facility/location? If not, how many facilities are involved and what are the locations.
        The datacenter is located at IBWC Headquarters, El Paso, TX. All traffic flows to HQ's and all devices can be reached from HQ's.
     b. The assessment specifies "No Exploitation", but then suggests "exploitation of weak encryption protocols". Are weak encryption protocols to be exploited or simply identified?
        IBWC requires verification of the wireless network encryption protocols that are NIST/FISMA compliant. This area can be completed by simply reviewing the type of encryption (WEP, WPA, WPA2, etc.) the router and access points are set to. IBWC IMD can grant access to the admin console for verification. We are not requesting a full exploitation such as running sophisticated methods to hack the wireless network.

  9. Regarding the VoIP assessment, please specify what kind of VoIP system(s) is/are in place? (e.g. SIP, H.323, etc.)
     H.323

  10. With regard to testing remotely via VPN, what VPN software will we be expected to use?
      We typically utilize SonicWALL Global VPN Client for some customers. We can do the same, but we would need to configure your device since we cannot share the key. We can also discuss a different solution if necessary.

  11. Will this RFP result in the government awarding a Firm Fixed Price contract?
      FFP is correct.

  12. Does the government expect offerors to specify labor rates in the proposal or a total cost including labor and all other costs?
      Total cost.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/IBWC/IMD/ElPasoTX/6309r1221014/listing.html)
- Place of Performance
- Address: USIBWC HQ, 4171 N. Mesa Bldg. C-100, El Paso, Texas, 79902, United States
- Zip Code: 79902
- Record
- SN04244336-W 20160829/160827233103-c3e78cffa131275bbca2ca89d4e76db7 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)