Educause Security Discussion mailing list archives

Re: Penetration Testing RFP Ideas


From: "Penn, Blake C" <blake.penn () SECURITY GATECH EDU>
Date: Tue, 21 Feb 2017 19:30:24 +0000

I would recommend including PCI DSS 11.3 in the RFP since it is already canned language.


   Regards,

   Blake Penn 
   Information Security Policy and Compliance Manager 
   Cyber Security 
   Georgia Institute of Technology 
   (404) 385-5480 


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Justin Harwood
Sent: February 21, 2017 13:26
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Penetration Testing RFP Ideas

I was wanting to ask this community if there is anyone else in here that has written an RFP lately for 
internal/external penetration testing services? I’m looking for ideas on how I’m crafting out the document that lists 
out all the technical requirements and things I want to be considered in order to help decide the best vendor to 
choose?  What I’m looking for is ideas to ensure that I have enough information so that I don’t get a low-ball bid 
response and have to go with them if they aren’t a vendor we think meets our expectations/qualifications.

Thanks,

Justin
