Loren Data Corp.

'

  
COMMERCE BUSINESS DAILY ISSUE OF MAY 3, 2001 PSA #2843
SOLICITATIONS

B -- REQUEST FOR INFORMATION -- IT SECURITY ANALYSIS

Notice Date
May 1, 2001
Contracting Office
Tennessee Valley Authority, Procurement, 1101 Market Street, Chattanooga, TN 37402
ZIP Code
37402
Solicitation Number
N/A
Response Due
May 31, 2001
Point of Contact
Edna Ragland-Wiggins, IT Security Manager, Phone: (423)l751-2618, email: erwiggins@tva.gov
E-Mail Address
May contact IT Security Manager via e-mail (erwiggins@tva.gov)
Description
The Tennessee Valley Authority (TVA) is requesting proposals for information planning purposes only, to identify firms who conduct independent IT vulnerability assessments and examine the adequacy of current areas of control to measure the organization's effectiveness in protecting critical asset elements. This is NOT a Request For Proposal and no award will be made as a result of this Request For Information (RFI). The results of this RFI may or may not result in a RFP. Responses to this RFI will be utilized to determine recipients of future RFPs. Potential vendors shall provide detailed information on similar assessments performed for clients in the energy or utility industry of equivalent size and geography as TVA. Vendor's experience base must include the assessment of SCADA and energy management systems in addition to traditional IT systems. Vendor should have a proven methodology which incorporates a risk-based approach for assessing risk, developing and implementing effective security procedures and controls, and monitoring the effectiveness of procedures. The vulnerability assessment must review actions, devices, policies, procedures, techniques and other factors that potentially place the organization's critical asset elements at risk. The assessment must include the following components: Policies & Procedures, Segregation of duties; Systems software controls, Network view (including fire walls and routing architecture), Host view; Operating System, Access Control, Configuration Management, Disaster Recovery, Business Continuity, SCADA and Energy Management Systems, Applications (including e-mail and DNS), Maintenance, Intrusion Detection System, Anti-Virus, Incident Handling. The vendor will be responsible for conducting all aspects of the assessment including document reviews, interviews, and questionnaires. Vendor should provide information on techniques used to identify vulnerabilities and potential threats. Please direct all responses to Edna Ragland-Wiggins, e-mail address is erwiggins@tva.gov
Record
Loren Data Corp. 20010503/BSOL006.HTM (W-121 SN50K7Y1)

B - Special Studies and Analyses - Not R&D Index  |  Issue Index |
Created on May 3, 2001 by Loren Data Corp. -- info@ld.com