Main Nav

RFP Template for Information Security Projects

Tuesday, November 10, 2009


This Request For Proposal template was created to help organizations identify and select a quality security vendor to perform professional services work. It also lists questions organizations should consider asking potential vendors to ensure that a thorough and comprehensive approach to the project will be taken. This template should apply for a variety of information security projects including:

  • External Network Vulnerability Assessment and Penetration Testing
  • Internal Network Vulnerability Assessment and Penetration Testing
  • Web Application Penetration Testing
  • Dial-In / RAS Security Testing
  • DMZ or Network Architecture Designs / Reviews
  • Wireless Network Assessment and Penetration Testing
  • Virtual Infrastructure Security Assessment
  • Server Configuration Reviews
  • Firewall and Router Configuration Reviews
  • VPN Configuration Reviews
  • Voice over IP Assessments
  • Social Engineering Assessments
  • Physical Security Reviews
  • Software Source Code Reviews
  • Application Threat Modeling and Design Reviews
  • Information Security Policy and Procedure Development or Review
  • Information Security Risk Assessment
  • Security Awareness Program Development or Review
  • Incident Response Program Development or Review
  • Secure SDLC Program Development or Review
  • PCI Quarterly Scans
  • PCI Report on Compliance Assessment or Gap Analysis

Download This Resource