Whitfield County Schools Quote
Title: Technology - Cyber Security Table Top and Incident Response Program Development
Deadline: 6/17/2024 2:00 PM (UTC-05:00) Eastern Time (US & Canada)
Status: Awarded
Quote Number: WCS-IT-2024-029
Description: Whitfield County Schools District, hereinafter referred to as "the Company," invites qualified vendors to submit a quotation for the implementation of a comprehensive Cyber Security Table Top Exercise and Incident Response Program Development.
Documents:
Documents as of 6/3/2024:
RFQ_Cyber_Security_Table_Top_and_Incident_Response_WCS_IT_2024_029.pdf
Addition 1
Posted: 8/8/2024
Type of Addition: Award Information
Overview: Awarded to True North Consulting at June 18th Board Meeting
Amount: $5,950.00
Question 1
Posted: 6/5/2024
Question: Can you clarify the number of tabletop exercises to include in our response to this RFP? There are (6) scenarios mentioned in the bid document.
Response: We would select one of the 6 offerings.
Question 2
Posted: 6/6/2024
Question: What brand of firewalls do you use?
Response: Palo Alto
Question 3
Posted: 6/6/2024
Question: What type of network equipment do you use?
Response: Aruba
Question 4
Posted: 6/6/2024
Question: Is all of your school system network traffic presented on one core switch?
Response: No
Question 5
Posted: 6/6/2024
Question: Do you route all school system Internet traffic through one set of firewalls at one location?
Response: No
Question 6
Posted: 6/6/2024
Question: How many IT people will be involved with cyber response (use the playbooks)?
Response: 5 core people with up to 10 additional for field response.
Question 7
Posted: 6/10/2024
Question: Is this a new contract or a recompete of existing contract? If yes, please share the incumbent details.
Response: This is a quote for a one-time service.
Question 8
Posted: 6/10/2024
Question: What is the budget for this contract?
Response: There is no set budget. We are requesting a competitive quote.
Question 9
Posted: 6/10/2024
Question: How is Cyber security currently handled by WCS?
Response: Through the IT department.
Question 10
Posted: 6/10/2024
Question: Can you provide more details on the specific business and IT security requirements that need to be addressed during the Discovery and Work Sessions?
Response: All the requirements are specified in the RFQ.
Question 11
Posted: 6/10/2024
Question: Are there any existing Incident Response policies or plans currently in place? If so, can you share them for review?
Response: Yes, there are. No, we will not share them for review for security purposes.
Question 12
Posted: 6/10/2024
Question: What is the expected duration for the Discovery and Work Sessions?
Response: That is for you to detail out in your RFQ.
Question 13
Posted: 6/10/2024
Question: Can you clarify the specific technology and services currently in use within the IT environment?
Response: No. If you are awarded the project, the discovery will help you acquire that information.
Question 14
Posted: 6/10/2024
Question: How many locations are included in the IT environment review?
Response: 22
Question 15
Posted: 6/10/2024
Question: What specific outcomes are expected from the Incident Response policy and plan?
Response: We expect a final evaluation and recommendation of how we can better improve our existing IRP.
Question 16
Posted: 6/10/2024
Question: Can you provide more details on the goals and objectives for the custom exercise scenarios?
Response: The goal is to run through a cyber security tabletop exercise with the objectives of real application of our IRP.
Question 17
Posted: 6/10/2024
Question: What is the expected number of participants in the tabletop exercises?
Response: between 5 and 10
Question 18
Posted: 6/10/2024
Question: Are there any specific incident scenarios you prioritize beyond the ones listed (Ransomware, Business Email Compromise, Unauthorized Access, Malware Outbreak, Phishing, Data Theft/Loss)?
Response: No
Question 19
Posted: 6/10/2024
Question: What is the preferred format for the after-action review report?
Response: Please review the RFQ under Item(s) Provided to Customer.
Question 20
Posted: 6/10/2024
Question: Can you provide examples or templates for the expected format of the Incident Response Policy, Plan, and Playbooks?
Response: Nope
Question 21
Posted: 6/10/2024
Question: Are there any specific metrics or key performance indicators (KPIs) included in the deliverables?
Response: Meeting the requests of the RFQ.
Question 22
Posted: 6/10/2024
Question: How frequently should the deliverables be reviewed and updated?
Response: This is a one-time project.
Question 23
Posted: 6/10/2024
Question: Can you give a list of key personnel and their roles involved in this project?
Response: Not at this time. Once the project has been awarded that will be provided.
Question 24
Posted: 6/10/2024
Question: Are there any specific compliance and regulatory requirements that need to be considered?
Response: Follow NIST and CISA standards.
Question 25
Posted: 6/10/2024
Question: How will you ensure the availability of key personnel during the project?
Response: Scheduled meetings.
Question 26
Posted: 6/10/2024
Question: Can you clarify the specific criteria for conducting on-site engagements versus remote engagements?
Response: If you are planning on performing the engagement remotely then you would not be on site, else you would be on site with everyone involved.
Question 27
Posted: 6/10/2024
Question: What are the expectations for the Customer’s Program Manager or knowledgeable resource in facilitating the engagement?
Response: They would deal with the internal scheduling or people and resources for the TTE.
Question 28
Posted: 6/10/2024
Question: Are there any preferred communication channels or platforms for project management and updates?
Response: No
Question 29
Posted: 6/10/2024
Question: Can you provide a clear definition of services considered out of scope for this project?
Response: That should be defined by you as the provider of the service.
Question 30
Posted: 6/10/2024
Question: What is the process for addressing services that may fall outside the scope outlined in the SOW?
Response: Must be communicated with the Contact, with an ad-hoc SOW showing the additional work to be performed and the cost of that additional work. Also should include any impact that this change would have on the original SOW.
Question 31
Posted: 6/10/2024
Question: What is the expected frequency and format for project updates and communication?
Response: This should be part of your proposal.
Question 32
Posted: 6/10/2024
Question: Can you provide a sample high-level project schedule for reference?
Response: No
Question 33
Posted: 6/10/2024
Question: What are the criteria for project closure and final acceptance of deliverables?
Response: Once all deliverables have been completed and the IT Director has signed off.
Question 34
Posted: 6/10/2024
Question: Are there any specific formatting requirements for the quotation submission?
Response: I recommend you provide as much breakdown/detail in your quote as possible.
Question 35
Posted: 6/10/2024
Question: Can you provide more details on the evaluation criteria and weighting for the quotation?
Response: Cost 65%, Meeting Quote Requirements 35%
Question 36
Posted: 6/10/2024
Question: Are there any previous incidents or case studies that can provide context for the current cybersecurity needs?
Response: No
Question 37
Posted: 6/10/2024
Question: Can you provide any feedback or lessons learned from previous vendors or projects similar to this RFQ?
Response: No
Question 38
Posted: 6/10/2024
Question: What is the proposal format?
Response: We have already responded to this question. Please see the public solicitation.
Question 39
Posted: 6/10/2024
Question: Is there any proposal format or need to submit Quote form?
Response: We have already responded to this question. Please see the public solicitation.
Question 40
Posted: 6/10/2024
Question: Greetings, I noticed the RFQ document simply requires a quote + basic company information. Are you not interested in a more formal document capturing relevant experiences, team resumes, methodology, timeline, etc? Thanks
Response: Due to this being an RFQ, not an RFP, we would only expect you to quote what was started in the RFQ. Anything above that would be at your discretion and would further strengthen your response.
Question 41
Posted: 6/11/2024
Question: Do the Schools have any requirements/restrictions as far as the framework to be used for the Incident Response Plan?
Response: NIST would be preferred.
Question 42
Posted: 6/11/2024
Question: Who would be selecting the 5 playbooks? Vendor or Schools?
Response: Schools
Question 43
Posted: 6/11/2024
Question: What is needed for the First Responder training, any specific goals or high-level curriculum? Is the format virtual or in person?
Response: That is for you to provide.
Question 44
Posted: 6/11/2024
Question: For the Scenario Development, would one scenario be covering multiple playbooks work? If not, what is the minimum number of scenarios?
Response: For the IR program development, you would provide us with 5 playbooks (that we choose from), and for the exercise, you would provide us with a single custom exercise. We would choose from the options provided in the RFQ.
Question 45
Posted: 6/11/2024
Question: For the Exercise Execution, TTX Execution: Remote/Virtual or Onsite? Expected attendees (Org Level/How many)?
Response: You can quote it either remote or onsite. No more than 10 attendees.
Question 46
Posted: 6/12/2024
Question: Can you provide an overview of your current cybersecurity infrastructure and policies?
Response: no
Question 47
Posted: 6/12/2024
Question: What are your primary business operations and critical assets that need protection?
Response: We are a school district. Financials, HR, and Student PII
Question 48
Posted: 6/12/2024
Question: How is your organization structured in terms of IT and cybersecurity teams?
Response: Put it this way, you can't use the word team for cybersecurity.
Question 49
Posted: 6/12/2024
Question: What are the primary objectives of the tabletop exercise and incident response development?
Response: To identify gaps in our IRP and receive recommendations on closing those gaps.
Question 50
Posted: 6/12/2024
Question: Are there specific scenarios or types of cyber threats you are most concerned about?
Response: All that were listed in the RFQ.
Question 51
Posted: 6/12/2024
Question: What outcomes or deliverables are you expecting from this engagement?
Response: That is answered in an earlier question.
Question 52
Posted: 6/12/2024
Question: Do you currently have an incident response plan in place? If so, can you provide an outline?
Response: Yes and No
Question 53
Posted: 6/12/2024
Question: Have you conducted tabletop exercises or incident response drills before? If yes, what were the results and lessons learned?
Response: No
Question 54
Posted: 6/12/2024
Question: How do you currently detect, manage, and respond to cybersecurity incidents?
Response: This can be discussed if you are awarded the contract as answering this could expose weaknesses in our processes.
Question 55
Posted: 6/12/2024
Question: Who will be the primary point of contact for this project?
Response: That will be provided if you receive the contract.
Question 56
Posted: 6/12/2024
Question: Which departments and roles will be involved in the tabletop exercises?
Response: That will be provided if you receive the contract.
Question 57
Posted: 6/12/2024
Question: Are there any specific stakeholders or third parties that need to be included in the exercise or incident response planning?
Response: That will be provided if you receive the contract.
Question 58
Posted: 6/12/2024
Question: What is your preferred timeline for the project, including key milestones and deadlines?
Response: That will be provided if you receive the contract.
Question 59
Posted: 6/12/2024
Question: Do you have any scheduling constraints or preferred dates for conducting the tabletop exercise?
Response: That will be provided if you receive the contract.
Question 60
Posted: 6/12/2024
Question: What level of cybersecurity expertise does your team currently possess?
Response: That will be provided if you receive the contract.
Question 61
Posted: 6/12/2024
Question: Do you have any specific training requirements or areas where your team needs additional knowledge?
Response: That will be provided if you receive the contract.
Question 62
Posted: 6/12/2024
Question: Are there existing documentation or resources that we should be aware of and incorporate into our planning?
Response: That will be provided if you receive the contract.
Question 63
Posted: 6/12/2024
Question: Are there any regulatory or compliance standards that your organization must adhere to (e.g., GDPR, HIPAA, NIST)?
Response: NIST, CISA, FERPA
Question 64
Posted: 6/12/2024
Question: How do you currently ensure compliance with these standards?
Response: That will be provided if you receive the contract.
Question 65
Posted: 6/12/2024
Question: What are your preferences for communication and reporting throughout the project?
Response: That will be provided if you receive the contract.
Question 66
Posted: 6/12/2024
Question: How would you like incidents to be documented and reported during and after the exercise?
Response: That will be provided if you receive the contract.
Question 67
Posted: 6/12/2024
Question: How will you measure the success of the tabletop exercise and incident response development?
Response: We have already responded to this question. Please see the public solicitation.
Question 68
Posted: 6/12/2024
Question: What are your expectations for post-exercise evaluation and follow-up activities?
Response: Please provide your recommendations.
Question 69
Posted: 6/12/2024
Question: Can you provide a budget range for this project?
Response: No
Question 70
Posted: 6/12/2024
Question: Are there any resource constraints or limitations we should be aware of?
Response: N/A
Question 71
Posted: 6/12/2024
Question: Is there any additional information or specific concerns you would like us to address in our proposal?
Response: No
Question 72
Posted: 6/12/2024
Question: Are there any existing security incidents or breaches that should inform our planning and development?
Response: No
Question 73
Posted: 6/12/2024
Question: Would you like to consider conducting a social engineering campaign to ensure cybersecurity awareness amongst your staff and employees?
Response: That was not requested in the RFQ
Question 74
Posted: 6/12/2024
Question: In light of enhancing your cybersecurity posture, how open would Whitfield County Schools be to initiating comprehensive internal and external vulnerability assessments to proactively identify and address potential weaknesses within your network infrastructure?
Response: Your question does not apply to this RFQ.
Question 75
Posted: 6/12/2024
Question: Considering the short period between the question deadline and the submission date, would Whitfield County Schools please consider extending the submission deadline?
Response: Not at this time.