Summary
Qualified cybersecurity service providers to perform annual external vulnerability assessments and web application scanning services on an as-needed basis. The selected Supplier shall provide comprehensive, non-destructive security scanning of the County’s public-facing infrastructure, including external IP addresses and web applications, to identify, assess, and prioritize potential security vulnerabilities and misconfigurations. Services shall include vulnerability identification, severity scoring utilizing industry-standard methodologies, contextual threat intelligence analysis, validation to reduce false positives, historical vulnerability tracking, and detailed reporting with actionable remediation recommendations. The Supplier must be capable of providing timely, accurate, and repeatable assessments that support the County’s cybersecurity program, risk management efforts, and compliance with applicable public sector security standards and best practices.