RFP for Cybersecurity Testing Services
IETF Executive Director <exec-director@ietf.org> Mon, 03 February 2025 21:13 UTC
Return-Path: <exec-director@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from mail.ietf.org (ietfa.amsl.com [50.223.129.194]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPSA id 452D5C151551; Mon, 3 Feb 2025 13:13:05 -0800 (PST)
Received: from [10.244.8.188] (unknown [104.131.183.230]) by ietfa.amsl.com (Postfix) with ESMTP id 11708C151099; Mon, 3 Feb 2025 13:13:05 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: IETF Executive Director <exec-director@ietf.org>
To: RFP Announcement List <rfp-announce@ietf.org>
Subject: RFP for Cybersecurity Testing Services
X-Test-IDTracker: no
X-IETF-IDTracker: 12.34.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <173861718469.121031.8724750286856189102@dt-datatracker-6f7f8bdd64-25rl2>
Date: Mon, 03 Feb 2025 13:13:04 -0800
Message-ID-Hash: KSFD24GJ7RTEZINMFEXBI7VLLAC5PTRL
X-Message-ID-Hash: KSFD24GJ7RTEZINMFEXBI7VLLAC5PTRL
X-MailFrom: exec-director@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ietf-announce.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: ietf-announce@ietf.org
X-Mailman-Version: 3.3.9rc6
Reply-To: ietf-rfps@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/2gTiHpEsFcmF1eA8nAE_K2ypLyk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Owner: <mailto:ietf-announce-owner@ietf.org>
List-Post: <mailto:ietf-announce@ietf.org>
List-Subscribe: <mailto:ietf-announce-join@ietf.org>
List-Unsubscribe: <mailto:ietf-announce-leave@ietf.org>
The IETF Administration LLC is soliciting bids for Cybersecurity Testing Services. Overview: The IETF Administration LLC is soliciting bids for a cybersecurity testing provider to act as our preferred provider until the end of 2027 and to deliver two initial projects. The work of the new provider will include: Penetration testing. We regard penetration testing as the gold standard for auditing operational IT systems and require regular penetration tests of our systems. Code and repository reviews. We operate at a very high level of transparency, with most of our code and configurations available in public repositories and licensed under open source licenses. Design and architecture evaluation. While less common, we are increasingly designing new systems from the ground-up and look to early review of the design and architecture. The first initial project is the penetration testing and code review of Datatracker, the IETF’s public facing document and workflow management tool. The second initial project is penetration testing and configuration review of the new IETF cloud infrastructure. Timeline: 3 February 2025 RFP Issued 17 February 2025 Questions and Inquiries deadline 24 February 2025 Answers to questions issued and RFP updated if required 3 March 2025 Bids due 31 March 2025 Preferred bidder selected and negotiations begin 14 April 2025 Contract execution and work begins Bids are due by 22:00 UTC on the day noted above. Full details of the RFP, including instructions on how to submit a bid and how to ask questions, can be found at https://www.ietf.org/media/documents/IETF_RFP_for_Cybersecurity_Testing_Services.pdf. Please note that in order to maintain a fair and transparent RFP process, all questions or feedback regarding this RFP should be made to the email address specified in the RFP. -- Jay Daley IETF Executive Director exec-director@ietf.org
- RFP for Cybersecurity Testing Services IETF Executive Director