New York State Insurance Fund

Buyer seeks to assess its current security posture through penetration testing. The project involves external black box security testing of perimeter defenses and internal grey box testing of the internal environment. This will reduce organizational risk and satisfy regulatory, commercial, and organizational compliance requirements. All deliverables must be completed by December 31, 2025.

• 6/9/2025 - RFQ Issued
• 6/16/2025 - Final date for bidder inquiries
• 6/24/2025 - Responses to Inquiries
• 7/1/2025 - Proposal Due Date

• Must be NY State Certified Minority/Women/Service-Disabled Veteran Owned Business
• Must have penetration testing experience using security tools
• Must provide three samples of similar penetration testing
• Must provide engineer with 2+ years penetration testing experience
• Staff must have relevant security certifications (CEH, CISSP, etc.)
• Staff must have black box and grey box testing experience

• Perform external black box security penetration test
• Perform internal grey box penetration test
• Complete planning, discovery, attack, and reporting phases
• Identify vulnerabilities in network perimeter defenses
• Assess NYSIF's current security posture
• Use security tools like Metasploit, Nmap, Wireshark
• Document successful exploits and vulnerabilities
• Provide detailed findings document with remediation recommendations
• Deliver executive summary document
• Present findings in executive-level presentation