B -- REQUEST FOR INFORMATION -- IT SECURITY ANALYSIS

Notice Date

May 1, 2001

Contracting Office

Tennessee Valley Authority, Procurement, 1101 Market Street, Chattanooga, TN 37402

ZIP Code

37402

Solicitation Number

N/A

Response Due

May 31, 2001

Point of Contact

Edna Ragland-Wiggins, IT Security Manager, Phone: (423)l751-2618, email: erwiggins@tva.gov

E-Mail Address

May contact IT Security Manager via e-mail (erwiggins@tva.gov)

Description

The Tennessee Valley Authority (TVA) is requesting proposals for information planning purposes only, to identify firms who conduct independent IT vulnerability assessments and examine the adequacy of current areas of control to measure the organization's effectiveness in protecting critical asset elements. This is NOT a Request For Proposal and no award will be made as a result of this Request For Information (RFI). The results of this RFI may or may not result in a RFP. Responses to this RFI will be utilized to determine recipients of future RFPs. Potential vendors shall provide detailed information on similar assessments performed for clients in the energy or utility industry of equivalent size and geography as TVA. Vendor's experience base must include the assessment of SCADA and energy management systems in addition to traditional IT systems. Vendor should have a proven methodology which incorporates a risk-based approach for assessing risk, developing and implementing effective security procedures and controls, and monitoring the effectiveness of procedures. The vulnerability assessment must review actions, devices, policies, procedures, techniques and other factors that potentially place the organization's critical asset elements at risk. The assessment must include the following components: Policies & Procedures, Segregation of duties; Systems software controls, Network view (including fire walls and routing architecture), Host view; Operating System, Access Control, Configuration Management, Disaster Recovery, Business Continuity, SCADA and Energy Management Systems, Applications (including e-mail and DNS), Maintenance, Intrusion Detection System, Anti-Virus, Incident Handling. The vendor will be responsible for conducting all aspects of the assessment including document reviews, interviews, and questionnaires. Vendor should provide information on techniques used to identify vulnerabilities and potential threats. Please direct all responses to Edna Ragland-Wiggins, e-mail address is erwiggins@tva.gov

Record

Loren Data Corp. 20010503/BSOL006.HTM (W-121 SN50K7Y1)