RFP for Network Security Penetration Testing Services
Project Information
- Bid Title
- RFP for Network Security Penetration Testing Services
- Issuing Agency
- Greenville Utilities
- Location
- North Carolina
- Published Date
- Jan 12, 2026
- Closing Date
- Jan 15, 2026
- Government Level
- State & Local
- Status
- Closed
- Ref. #
- 25-83
- Original Source
- Join to Access Full Details
- Bid Inquiries
- Join to Access Full Details
- Bid Documents
- Join to Access Full Details
- Project Description
-
Bid Number Title Due Date Other Files Tab Sheet 25-83 RFP for Network Security Penetration Testing Services Thu, 01/15/2026 - 02:00pm - - Attachment Preview
-
REQUEST FOR PROPOSALSREQUESTING PROPOSALS FOR NETWORK SECURITY PENETRATIONTESTING SERVICESforGREENVILLE UTILITIES COMMISSIONPO Box 1847Greenville, North Carolina 27835-1847ISSUE DATE: NOVEMBER 25, 2025PROPOSAL PACKAGES SHALL BE RECEIVED BY 2:00 PM (EST) ON January 15, 2026.Page 1 of 21PURPOSE OF REQUEST FOR PROPOSALSThe Greenville Utilities Commission (GUC) is seeking proposals from firms for a NetworkSecurity Penetration Test.Vendors submitting proposals must have experience doing assessments onorganizations with Supervisory Control and Data Acquisition (SCADA) systems. Vendorswho have experience conducting assessments with utilities are preferred. Project mustbe completed and paid for in our current fiscal year that ends on June 30, 2026.PROPOSALS SHALL BE RECEIVED BY 2:00 PM (EST) ON January 15,2026. Proposals shall be submitted via e-mail to: haddocgc@guc.com. Attention: CleveHaddock, Lifetime CLGPO, Procurement Manager, Greenville Utilities Commission, 401S. Greene Street, Greenville, North Carolina 27834. GUC reserves the right to reject anyand all Proposals.Questions regarding this Request for Proposals (RFP) should be received by or beforeDecember 12, 2025. Answers shall be communicated by December 19, 2025. Allquestions shall be directed to the attention of Cleve Haddock, Lifetime CLGPO,Procurement Manager, (252) 551-1533, at haddocgc@guc.com.Scope of Services:The services are to include, but not be limited to:• Include all of GUC’s networks: corporate network and each of the SCADAnetworks (Electric, Water, Wastewater, and Natural Gas)• Number of external IPs: 22• Number of internal IPs (Endpoints) accounts: 510• Number of IT (non-SCADA) servers (Windows and Linux): 195• Time allowed for reconnaissance and OSINT: 10 hoursPage 2 of 21Internal Scope• Wireless Security: Testing Wi-Fi configuration and access controls for bothcorporate and guest networks.• Attempt to discover and identify Personally Identifiable Information (PII) or otherhigh value documents of interest.• Workstation/Endpoint Security: Testing security controls on typical userworkstations.• Attempt to exploit and gain access to four identified SCADA networks with noimpact to the production system.• Attempt to compromise the one provided non-production SCADA HMI client orworkstation from each of the 4 networks.External Scope• Attempt to gain remote access to as many networks or devices on network asallowed by scope with no impact on production.• Attempt to gain unauthorized access to systems, email, or other applications viabreached credentials, exploits or other offensive toolsets.• Reconnaissance and OSINT - Look for any credentials, privileged or confidentialdocuments, items of proprietary interest.Deliverables:Conduct comprehensive network security penetration test and provide a detailed reportwhich includes:• An Executive Summary• A description of the methodology used to perform the assessment and anystandards they are adhering to.• Findings of all items in Scope in Services with description, rationale,remediation, and impact.• All recommendations should be identified as either relating to industry bestpractices, including the source of the best practice recommendation (such as aPage 3 of 21regulatory, compliance, or authorization scheme), or otherwise identified as theopinion of the contractor and its team.• A prioritized listing of findings with remediation suggestions.• Findings should include description of exploits and vulnerabilities used in theattack.• An output of any vulnerability scans that were performed.Contract Period:It is the intent of Greenville Utilities Commission (GUC) to enter into a multi-year contractat the time the contract is awarded by GUC to the successful proposer for a totalcontract period not to exceed three (3) years. Prices shall remain fixed during thefirst year with option for annual extensions at the same or negotiated prices for up totwo (2) additional years if market and service conditions so warrant and prove to be inthe best interest of GUC.PROPOSAL REQUIREMENTSAll proposals must contain, at a minimum, the information listed below. Vendors areasked not to submit advertising material in substitution for responding to below.1. A Cover Letter.2. Brief History of Firm.3. Statement of Professional Qualifications: Include résumés of key staff proposedto perform consulting and design work. One staff member should be designatedas the proposed Project Manager, with supporting staff identification.4. List of Recent Similar Projects Completed: List should include projects withsimilar scope proposed for this Project, and indicate which staff from theproposed team, if any, participated in the design of each project. List must alsoPage 4 of 21include clients’ names, contact person, addresses, and telephone numbers foreach project for reference.5. List of Subconsultants: If any subconsultants are used to assist with the services,list the names of the firms along with professional qualifications and recentsimilar projects completed.6. Schedule of Rates: List rates charged on an hourly basis for each classificationof personnel.7. Conceptual Project Schedule: Include a conceptual project schedule from projectkickoff to completion and total number of hours estimated to complete.8. Location of Office: Geographic location of office assigned to perform work withlisting of key staff who actually work at that location on a permanent basis.9. Special Considerations: Include any special considerations, conditions, or othercircumstances that is foreseen affecting the project.10. Responses are limited to a total of 40 pages; however, an attachment of asample report can be beyond the 40-page limit. The font size shall not besmaller than 11-point. E-mail your RFP Submission in a PDF. Format to:haddocgc@guc.com.SELECTION PROCESS• Proposals should be received no later than 2:00 PM (EST) January 15, 2026. Allfirms submitting proposals must be duly licensed to practice business in the Stateof North Carolina.• Screening of proposals by a staff committee should be completed by January 30,2026. The staff committee will review the potential firm’s recent specializedexperience, firm’s staff qualifications, firm’s capacity to accomplish the work,Page 5 of 21
- Commodity Codes
-
- NAICS 541512Computer Systems Design Services
- NAICS 541519Other Computer Related Services
* Disclaimer: Government BidHub provides information on bids, RFPs (Requests for Proposals), and RFQs (Requests for Qualifications) solely for convenience and informational purposes. This site is not an official public notice board. For official details, responses, or inquiries, please contact the relevant government agency directly.
Empower Your Bidding Strategy
Unlock Government BidHub's unparalleled access to high-quality, tailored bid information.
- Access an extensive database of bids, including comprehensive local and state opportunities.
- Receive customized alerts for the bids that matter most to your business.
- Explore detailed specifications to ensure precise and competitive submissions.
- Gain a competitive edge with up-to-date information and exclusive opportunities.
See Also
Web Application Firewall (WAF)
Solicitation Number: 72-PJTH26087 Project Title: Web Application Firewall (WAF) Description: The University of
State Government of North Carolina
Bid Due: 7/15/2026
Enterprise Skills Assessment ...
Follow Enterprise Skills Assessment Platform Active Contract Opportunity Notice ID H9242126QE036 Related Notice
DEPT OF DEFENSE
Bid Due: 7/10/2026