Rhode Island Turnpike and Bridge Authority

Buyer seeks qualified firms to provide a comprehensive assessment of their Payment Card Industry Data Security Standard compliance status. The assessment will evaluate the buyer's current compliance with PCI DSS 4.0.1 requirements, identify areas of non-compliance, and establish a remediation roadmap. The scope includes all departments that accept payment card data and systems involved in processing cardholder data.

• 3/26/2025 - Question Submission Deadline
• 3/31/2025 - Response to Questions
• 4/9/2025 - Assessment Start Date
• 4/15/2025 - Proposal Due Date
• 7/1/2025 - Final Report Completion

• Evaluate network architecture for PCI DSS compliance
• Review network segmentation controls
• Assess policies for handling payment card data
• Verify data security and encryption implementation
• Evaluate access control and authentication mechanisms
• Review risk assessment and vulnerability management practices
• Analyze third-party vendor compliance with PCI standards
• Conduct external and internal vulnerability assessments
• Perform external and internal penetration testing
• Prepare PCI Gap Analysis Report with remediation recommendations