BidNet Direct #IT_RFP_20260428

Grand Traverse County Penetration Testing Services for IT Infrastructure

Grand Traverse County is seeking a qualified information security firm to perform comprehensive penetration testing of its technology infrastructure. - Government Buyer: - Grand Traverse County Information Technology Department - OEMs and Vendors Mentioned: - Microsoft (Microsoft 365 Government Cloud, Entra ID/Active Directory) - CrowdStrike (endpoint protection) - Workday (ERP) - Kroll (third-party network operations center) - Products/Services Requested: - External network penetration testing (black-box testing of all internet-facing assets) - Internal network penetration testing (gray-box testing with credentials, including Active Directory/Entra ID, privilege escalation, and lateral movement) - Microsoft 365 and Entra ID configuration review (authenticated review of M365 GCC tenant, Exchange Online, SharePoint Online, Teams, OneDrive, Entra ID policies, and Copilot readiness) - Retesting and remediation verification (one retesting cycle for critical/high findings, with formal attestation letter) - Unique or Notable Requirements: - Testing must be completed before a planned Microsoft 365 Copilot deployment - Strict rules of engagement: black-box for external, gray-box for internal, authenticated for M365 - Deliverables include prioritized findings, remediation guidance, attack path visualizations, and Copilot readiness assessment - The selected firm and its affiliates are prohibited from marketing or selling remediation services based on findings and are excluded from subsequent remediation procurements - Certified personnel required; detailed reporting and formal attestation for insurance/compliance - Potential vendors listed include Hitech, Concourse Tech Inc., Certus Cybersecurity Solutions, White Knight Labs, Carahsoft Technology, RADgov, Infojini, Sustained Solutions, QuynhTech Strategies, Rehmann, Berry Dunn McNeil & Parker, Allied Solutions, security 1st Consulting, GeoTran Consultants, Robert Wooldridge Technical Services, Sentinel Technologies, Karhu Cyber, Avalon Technologies, AmeriNet of Michigan, Resultant, Dewpoint, Shorebreak iThreat Security, Ventraq, CyberForce|Q, among others.

Description

Grand Traverse County is soliciting proposals for penetration testing services to assess the security of its technology infrastructure. The scope includes testing of the external network, internal network, and Microsoft 365 / Entra ID environment. The engagement aims to establish a validated security baseline and identify vulnerabilities prior to a planned Microsoft 365 Copilot deployment. The testing must be conducted within agreed rules of engagement and includes retesting for remediation verification. The solicitation prohibits the successful respondent from marketing or selling remediation services based on findings from this engagement.

View original listing