County of Sonoma

Buyer is soliciting proposals for comprehensive security services to evaluate and enhance the security of the Register of Voters systems and network infrastructure. The project involves security assessment, vulnerability assessment, penetration testing, and social engineering testing. Buyer aims to identify potential security risks across networks with approximately 65 devices, an air-gapped network with 12 devices, and 2-3 external systems. All services must be completed by January 31, 2026.

• 5/26/2025 - Release Request for Proposals
• 5/30/2025 - Pre-Bid Conference
• 6/5/2025 - Proposer's Questions Due
• 6/11/2025 - County's Responses to Questions Due
• 6/24/2025 - Proposal Due Date
• 7/8/2025 - Proposals Evaluated by County
• 7/22/2025 - Interviews Conducted
• 8/12/2025 - Notice of Intent to Award
• 9/9/2025 - Board of Supervisors Awards Contract

• Establish a comprehensive security testing framework
• Conduct a security assessment of ROV systems and network infrastructure
• Examine ROV cybersecurity alignment with CSF
• Conduct vulnerability assessment on approximately 65 devices
• Assess security of an air-gapped network with 12 devices
• Perform penetration testing on internal and external systems
• Conduct firewall configuration review
• Execute social engineering tests to assess human vulnerabilities
• Prioritize vulnerabilities based on risk and impact
• Deliver comprehensive security assessment reports with recommendations
• Demonstrate potential system compromise through controlled testing
• Validate security policies, procedures, and controls
• Review network architecture and perimeter security
• Perform network scanning of specified networks
• Design social engineering campaigns (impersonation tests)
• Develop remediation recommendations for discovered vulnerabilities
• Assess security risks based on industry frameworks
• Document exploited vulnerabilities and methodologies used
• Provide solution recommendations for CSF alignment
• Complete all services by January 31, 2026