PCI Assessment and Attestation

Foothill/Eastern Transportation Corridor Agency and San Joaquin Hills Transportation Corridor Agency

Buyer seeks a qualified firm to provide PCI Assessment and Attestation services. The scope includes annual PCI compliance attestations, annual risk assessments, penetration testing, and vulnerability scanning. Buyer has approximately 1100 endpoints, including Windows workstations, Windows servers, and Linux servers that will need to be assessed.

• 7/9/2025 - Pre-Proposal Meeting
• 7/11/2025 - Question Submittal Deadline
• 7/16/2025 - Agency Response to Questions
• 8/7/2025 - Proposal Due Date
• 9/8/2025 - Tentative Interview Dates
• 1/1/2026 - Anticipated Contract Award

• Five years in business providing PCI assessment services
• Project manager with five years PCI assessment experience
• Business formed in or registered in a US state

• Conduct annual PCI DSS compliance assessments
• Prepare Attestation of Compliance/Report on Compliance documentation
• Perform annual risk assessments
• Conduct internal and external penetration testing
• Provide ASV external vulnerability scanning
• Test network segmentation
• Deliver remediation guidance for non-compliant findings
• Validate scan results and provide remediation support
• Report critical findings in real-time
• Evaluate approximately 1100 endpoints including Windows and Linux