INVITATION OF BIDS FOR TENDER

Similar documents
INSTITUTE OF GENOMICS & INTEGRATIVE BIOLOGY (Council of Scientific & Industrial Research) Mall Road, Delhi

NOTICE INVITING TENDER FOR ISO CERTIFICATION

TENDER FOR SUPPLY AND INSTALLATION OF COMPUTER SYSTEM, SOFTWARE & UPS.

TENDER DOCUMENT for Renewal of SonicWALL NSA 4500 and SonicWALL Enforced Anti-Virus & Anti-Spyware at NIHFW

Please note that your offer should be only in the enclosed format duly signed by the authorised signatory on each page along with seal of your firm.

Tender Document. Ref. No.: NIT/AMU/CPCC-01/ThinClient/ For. Procurement of Thin Client Solution

TENDER FOR SUPPLY AND INSTALLATION OF COMPUTER SYSTEM, SOFTWARE, PRINTER & UPS.

Government of Bihar Bihar Institute of Public Administration and Rural Development(BIPARD) WALMI Complex, Phulwarisharif Patna

TENDER DOCUMENT NATIONAL INSTITUTE OF PUBLIC FINANCE AND POLICY. New Delhi SUPPLY OF LAN EQUIPMENTS AND INSTALLATION OF LAN IN THE CAMPUS

OIL AND GAS REGULATORY AUTHORITY *******

ADMINISTRATION DEPARTMENT TENDER FOR RENEWAL OF EXISTING KASPERSKY ANTIVIRUS TOTAL SECURITTY FOR BUSINESS LICENSES FOR USE AT NIT KARACHI

Sybase Database Details. Data Device Usage. Transaction Log Segment Usage

NOTICE INVITING TENDERS (NIT)

Bidding Document. Renewal and Maintenance Support of Intrusion Detection System / Intrusion Prevention System (IDS/IPS)

Last Date of Submission : March 19, 2012 up to 3:00 p.m.

OIL AND GAS REGULATORY AUTHORITY *******

SHIVAJI COLLEGE, UNIVERSITY OF DELHI RAJA GARDEN, RING ROAD NEW DELHI NOTICE INVITING TENDERS

Notice inviting Tender for Web site design & Development

TENDER FOR RENEWAL OF EXISTING KASPERSKY ANTIVIRUS LICENSES FOR USE AT NIT, KARACHI

THE INSOLVENCY PROFESSIONAL AGENCY CMA BHAWAN, 3, INSTITUTIONAL AREA, LODHI ROAD, NEW DELHI

Supply, Installation & Commissioning of CPU

GUJARAT TECHNOLOGICAL UNIVERSITY

Indian Highway Management Company Limited (IHMCL) Invites sealed quotations for Supply of IT Equipment (Laptop, Desktop and Printer)

NATIONAL INFORMATICS CENTRE SERVICES INCORPORATED (A Government of India Enterprise under NIC) MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY

Quotation Notice. S/d DIRECTOR

ENQUIRY NO.: IIT/ECE/ENQ/GCF/1/ Date: 26/07/2017 INVITATION FOR TENDER FOR SUPPLY OF EQUIPMENT

No. NIQ14/2017/IND14366 Dated:

NOTICE INVITING TENDER Central Purchase Committee for Computers (CPCC), Aligarh Muslim University, Aligarh (U.P.), INDIA

No. 10(02)/2016-NICSI

INVITATION FOR QUOTATION. TEQIP-III/2019/iiit/Shopping/56/5302. Sub: Invitation for Quotations for supply of Desktop Computers.

Indian Institute of Technology, Kharagpur Kharagpur , WB, India

TENDER CONTENTS 1. TECHNICAL BID

Request for Proposal (RFP)

Last date for submission of the bid is 30/04/2018 before 2.00 PM

Biotech Consortium India Limited

Hard Disk: 1 TB TFT (LED) Monitor 21

Central Office, Information Technology/BPR Dept., 2nd Floor, Jeevan-Seva Annexe, Santacruz (W), Mumbai

Page 1 SUPPLIER DECLARATION FORM

Enq. No. IIITMK/ 0612 /18 Date: 12/03/2018 Due on: 26/03/2018 4pm

OIL AND GAS REGULATORY AUTHORITY Plot No. 54-B, Fazal-e-Haq Road, Blue Area, Islamabad Ph: ********

Indian Institute of Corporate Affairs. Ministry of Corporate Affairs (Govt. of India)

NOTICE INVITING QUOTATION ADM/56/96/IXE

Quotations IV of inviting Re- Quotations

98 Years of Relentless Journey towards Engineering Advancement for Nation-building. Ref : SP/T-1623 Date : NOTICE INVITING TENDER

CENTRAL SECRETARIAT LIBRARY

PRASAR BHARATI BROADCASTING CORPORATION OF INDIA DOORDARSHAN KENDRA : CHENNAI ***** No.9(2)(17)/WEBSITE/ /ES/DKC Date:

UI/UX specifications document for the website template mentioned below.

भ रत य स चन प र द य ग क स स थ न प ण

User Manual (e-tendering)

i) The party should have 03 (three) years experience as on the Bid closing date for the same item.

Ship Chartering Process:

SUB : Tender of Printers for undertaking Printing Job.

CORRIGENDUM. Corrigendum to RFP No. SBI/GITC/PMD/ /402 dated

HIGH COURT OF HIMACHAL PRADESH, SHIMLA

Tender No. : ITS/TNDR/AMC/17-18/02 dated 16/04/2018

DENA BANK INFORMATION TECHNOLOGY DEPARTMENT, HO, MUMBAI.

INVITATION FOR QUOTATION. TEQIP-II/2017/CH2G01/Shopping/126

Invitation of sealed quotations for Renewal of Symantec Back up Executive.

NO.VSSUT/CIF/ Dated: QUOTATION CALL NOTICE

र ष ट र य गत श ल द वय गजन स स थ न

Request For Quotation from Service Providers. for. Appointment of Consultant for Migration to ISO/IEC 27001:2013 alongwith Implementation for UTIITSL

Bidding Document VULNERABILITY MANAGEMENT SOLUTION

Sub: Invitation of sealed quotations for Procurement of UPS systems for MDI Gurgaon

(B) General Conditions of Tender:- (C) Liquidated damages for delay in supply:-

: Admin/Gen/30-09/2017-AIIMS.JDH

Bidding Document PROVISION AND INSTALLATION OF VOICE OVER IP PHONE EQUIPMENT. Last Date for Submission: Tender Opening Date:

HIGH COURT OF HIMACHAL PRADESH, SHIMLA

Tender No. : ITS/TNDR/AMC/17-18/02 dated 20/04/2017 AMC FOR 24 SERVERS, 2 STORAGES AND KVM SWITCHES AT LHO MUMBAI

HOOGHLY PRINTING CO. LTD. (A

Request For Quotation from Service Providers. for

INSTRUCTIONS TO BIDDERS

Directorate of Horticulture, Bihar

INVITATION FOR QUOTATION. TEQIP-II/2013/UK1G01/Shopping/39

NATIONAL INSTITUTE OF TECHNOLOGY PUDUCHERRY Thiruvettakudy, Varichikuddy (Post) Karaikal Tender Document. For

INDIA TOURISM DEVELOPMENT CORPORATION LIMITED Unit : Ashok Travels & Tours, Bangalore

Name of the Tenderer: Address:


Bharat Heavy Electricals Limited (High Pressure Boiler Plant) Tiruchirappalli , TAMIL NADU, INDIA MATERIALS MANAGEMENT

Tender Schedule No. Figure: Active-Active Cluster with RAC

PROVISION, INSTALLATION, COMMISIONING & DEPLOYMENT OF BLADE SERVERS WITH CHASSIS

RFP FOR INFORMATION SYSTEM AUDIT

CSWAE Certified Secure Web Application Engineer

Website:

Phone No Tender Notice No.5-532/18-19/PS (C) Date 20 th November, 2018

SUPPLY CHAIN MANAGEMENT. MANUAL / INSTRUCTION DATE : 20 August 2015 ONLINE VENDOR REGISTRATION SYSTEM USER MANUAL

HMT LIMITED (A Government of India Undertaking) HMT Bhavan, # 59, Bellary Road, Bangalore

ICSI HOUSE, 22 INSTITUTIONAL AREA, LODI ROAD NEW DELHI Quotation for Rate Contract for Supply of Computer Consumables for Six Months

Rajya Sabha Secretariat Rajya Sabha Television 3 rd &4 th Floor, Talkatora Stadium Annexe Building, New Delhi

BID FORM. FOR COMPREHENSIVE ANNUAL MAINTENANCE CONTRACT OF IBM SERVERS (11 Nos.), HP SERVERS (02 Nos.)& KVM Switch (02 Nos.

NOTICE INVITING TENDER (NIT) SEALED QUOTATIONS FOR SUPPLY, INSTALLATION AND MAINTENANCE OF THREE (3) LAPTOPS at Head Office, Kolkata

Quotations invited. 2. The supplied hardware should have 5 years comprehensive onsite warranty (24 x 7 call logging) from OEM directly.

Expression of Interest (EoI) for Transfer of Technology

QUAID E AZAM THERMAL POWER (PVT.) LTD. First Floor, 7 C 1, Gulberg III, Lahore.

Indian Institute of Engineering Science and Technology, Shibpur Howrah Advt. No. DE/D(AA)/16/71 dated 16/12/2016 TENDER

Request for Quotations. Sub.: Request for quotation for purchase of technical equipments

TERMS OF REFERENCE FOR THE APPOINTMENT OF A SERVICE PROVIDER FOR WEBSITE AND DOMAIN HOSTING SERVICES

Category UR OBC SC ST

NATIONAL INSTITUTE OF TECHNOLOGY, TIRUCHIRAPPALLI INVITATION FOR QUOTATION. TEQIP-III/2017/NITT/Shopping/44

No. PAG (Audit)/OE/EA-I/ Date: Limited Tender Notice for Computer Hardware/Software-Reg.

Tender Document. PROCUREMENT OF Servers & Firewall

Transcription:

INVITATION OF BIDS FOR TENDER Tender No : 01/2018 0947/IT/DGNCC/Budget Government of India Ministry of Defence Dte General of NCC West Block IV, RK Puram, New Delhi 110066 17 Apr 2018 From: HQ Dte General of National Cadet Corps West Block IV, RK Puram, New Delhi 110066. for and on behalf of the President of India) To, As per list attached. TENDER ENQUIRY FOR CONDUCTING THE SECURITY AUDIT AND FIXING THE VULNERABILITIES OF WEB SITE OF NATIONAL CADET CORPS FROM CERT-IN AND / OR NICSI EMPNELLED AGENCIES 1. Ministry of Defence, New Delhi for and on behalf of the President of India, hereinafter called the Government invites tender from authorized service providers for conducting the security audit and fixing the vulnerabilities of web site of National Cadet Corps from Cert-in and / or NICSI empanelled agencies At HQ DGNCC, RK Puram, New Delhi. 2. General information about the tender is as follows:- (a) Tender reference No. - 01 /2018 (b) Last date and time for - 25 Apr 2018 at 1300 hrs Receipt of Tenders (c) Time and date for opening - 25 Apr 2018 at 1500 hrs of Bids

(d) Place of opening of Tenders - HQ DGNCC, West Block IV, RK Puram, New Delhi 3. The details about the tender are enclosed at Appendix. 4. The tender, completed in all respects and duly sealed, should reach HQ DGNCC, West Block IV, RK Puram New Delhi not later than 25 Apr 2018 at 1300 hrs.. 5. The tender must be addressed to Joint Director IT, HQ DGNCC, West Block IV, RK Puram, New Delhi 110066 and superscribed as TENDER FOR WEBSITE SECURITY AUDIT. xxxxsignedxxx (HS Sidhu) Lt Col Jt. Dir IT for and on behalf of President of India

INVITING SEALED QUOTATIONS FROM CERT-IN AND/OR NICSI EMPANELLED AGENCIES FOR CONDUCTING SECURITY AUDIT OF WEBSITE OF NATIONAL CADET CORPS, RK PURAM, NEW DELHI. [Reference No. ] Last Date & Time of Submission of Bid Date & Time of Opening of Bid 25 Apr 2018, 1:00 PM 25 Apr 2018, 3:00 PM Name of the Bidding Company/ Firm Contact Person Authorized Bid Signatory Correspondence Address Mobile No Telephone Fax Website Official E-mail Address TENDER FOR CONDUCTING THE SECURITY AUDIT AND FIXING THE VULNERABILITIES OF WEBSITE OF THE NATIONAL CADET CORPS FROM CERT-IN AND /OR NICSI EMPANELLED AGENCIES. National Cadet Corps (NCC) is inviting sealed quotations from Cert-In and/or NICSI Empanelled Agencies for Security audit of its Website i.e. http://nccindia.nic.in. Bidders are advised to study the document carefully. The Cost estimates may please be provided in the sealed envelope and should reach by post to the below mentioned address latest by 19/03/2018 at 1:00 PM. The Agencies are requested to submit the proposal for website and financial quotation is to be submitted for security audit and vulnerability patching of the website. The sealed quotation is to be mailed in the name of following JOINT DIRECTOR IT HQ DG NCC WEST BLOCK IV RK PURAM NEW DELHI - 66 Tender document with other details is also available on National Cadet Corps Website http://nccindia.nic.in

ANNEXURE-I TERMS & CONDITIONS 1. The website will be hosted at NIC server after Security audit and vulnerability patching, so the security audit certificate should be in compliance with the NIC standards. 2. The envelope shall be prominently marked on top with "COMMERCIAL BID FOR CONDUCTING THE SECUIRTY AUDIT OF NCC WEBSITE. The envelop should be properly sealed. 3. The tenders should reach this office by 25 Apr 2018 at 1:00 PM and tender will be opened on 25 Apr 2018 at 3:00 PM. 4. The price bids of those firms will be opened who fulfils the terms and conditions. 5. Only those Organizations/firms registered with the CERT-in and/or NICSI are eligible for submitting their bids. 6. Incomplete or conditional tender will not be entertained. 7. No tender will be accepted after closing date and time. 8. The first round of security audit report should be submitted to the HQ DG NCC within 07 days after the work order is issued by HQ DG NCC and final report after fixing of vulnerabilities should be submitted within next 07 days. Hence total time for completion of the project is two weeks after issue of work order. Any delay beyond two weeks will attract penal deduction @ 0.5% per day subject to maximum of 10% beyond which the project may be cancelled and re-tendered. 9. The tenderer may remain present himself /herself or his/her authorized representative at the time of opening the tender. Only authorized representative will be allowed to attend the meeting of the Tender Committee. 10. All the firms/organization participating in the Tender must submit a list of their owners/partners etc. along with their contact numbers and a Certificate to the effect that the firm/organization is neither blacklisted by any Govt. Department nor any Criminal Case registered against the firm or its owner or partners anywhere in India be attached with this tender. Any firm/organization blacklisted by a Govt./Semi Govt. Deptt. shall not be considered for this tender and tender will be rejected straightway. 11. The payment will be made only after submitting the final security audit certificate post patching of all the vulnerabilities.. 12. No claim for interest in case of delayed payment will be entertained. 13. A copy of terms & conditions attached as and Scope of work attached as duly signed by the tenderer, as a token of acceptance of the same should be attached along-with the tender. 14. The Tender Committee reserves the right to relax any terms and condition in the Govt. interest, with the approval of competent authority. 15. All disputes are subject to the jurisdiction of the Courts in the N.C.T. of Delhi.

Note: (A) Documents Required To Be Attached With the Bid : 1. GST Registration No. 2. Copy of authorization with CERT-in /NICSI empanelment. 3. Copy of terms and conditions duly signed with seal of the firm/organization, in token of acceptance of terms and conditions. 4. All the firms participating in the Tender must submit a list of their owners/partners etc. and a Certificate to the effect that the firm is neither blacklisted by any Govt. Department nor any Criminal Case is registered against the firm or its owner or partners anywhere in India. 5. All Other supporting documents as required in the tender shall be attached. B. Commercial Bid should be in the format given at Annexure-III and it should contain price only and no other documents shall be enclosed. SIGNATURE WITH SEAL OF TENDERER NAME IN BLOCK LETTERS: Company Name with Full Address:

ANNEXURE-II SCOPE OF WORK FOR THE SECURITY AUDIT Primary objective of the security audit exercise is to identify major vulnerabilities in the web application from internal and external threats. Once the threats are identified and reported the auditors should also fix the same. Technical Details of the applications are as follows: S.No. Parameters/Information about the Website Description 1. Web application Name & URL http://nccindia.nic.in/ 2. Operating system details Red Hat Enterprise Linux Server release 6.2 (Santiago) 3. Application server with Version Apache/2.2.15 (Unix) 4. Development platform for application : Front-end Tool [Server side PHP 5.3.3 (cli) (built: Jul 3 2015 Scripts] (i.e. ASP, Asp.NET, JSP, PHP, etc.) 5. Back-end Database (MS-SQL Server, PostgreSQL, Oracle, etc.) mysql Ver 14.14 Distrib 5.1.73 6. Authorization No. of roles & types of privileges for the different roles Admin for content management 7. Whether the site contains any content management module (CMS) (If Yes, Drupal yes the n which?) 8. No of input forms Over 10 9. No. (Approximate) of input Fields 100 plus 10. No. of login modules 1 11. How many application roles/privilege levels of users? 1 12. Does the application provide a file download feature (Yes / No)? Yes 13. Does the application use Client-side certificate (Yes / No)? No 14. Is there a CMS (Content Management System) present to maintain the Yes public portal/login module? 15. Tentative Testing environment (Development / Staging / Production Box)? 16. Does the application have SMS integration (Yes/No)? No 17. Does the application have E-Mail integration (Yes/No)? No 18. Does the application have Payment Gateway integration (Yes/No)? No 19. Does the application provide a file upload feature (Yes / No)? Only for Admin 20. Detail of total number of pages (Static/Dynamic and separate counting for separate platform/front end used) - Count Static Pages 50 Dynamic Pages (Name of Front End Tool used to design and develop) 10. The auditing agency will need to undertake the following activities: 1. Identify the security vulnerabilities, which may be discovered during website security audit including cross-site scripting, Broken links/weak session management, Buffer Overflows, Forceful browsing, Form/ hidden field manipulation, Command injection, Insecure use of cryptography, Cookie poisoning, SQL injection, Server missconfiguration, Well known platform vulnerabilities, Errors triggering sensitive information, leak etc. 2. Identification and prioritization of various risks to the NCC website.

3. Take necessary remedial measures for making the website secure. 4. Undertake user profiling and suggest specific access methodologies and privileges for each category of the users identified. 5. The auditors will have to carry out an assessment of the vulnerabilities, threats and risks that exist in NCC Online web application through Internet Vulnerability Assessment and Penetration Testing. This will include identifying remedial solutions and recommendations for implementations of the same to mitigate all identified risks, with the objective of enhancing the security of the system. 6. The website should be audited as per the CERT-in Standards. The auditor is expected to submit the final audit report after fixing the vulnerabilities and confirm the same with a re-test. 7. The Audit firm has to submit a summary compliance report at the end of the assessment phase and the final Report will certify that NCC website is incompliance with the NIC standards. Deliverables and Audit Reports 8. The successful bidder will be required to submit the following documents in printed format (2 copies each) after the audit of above mentioned two web application: (i) (ii) A detailed report with security status and discovered vulnerabilities, weakness and misconfigurations with associated risk levels and corrective actions taken for risk mitigation. The final security audit certificate in compliance with the NIC standards. (iii) All deliverables shall be in English language and in A4 size format. (iv) The vendor will be required to submit the deliverables as per terms and conditions of this document.

ANNEXURE-III COMMERCIAL BID <On Company s Letter Head> The Agencies are requested to submit the combined proposal for security audit and vulnerabilities fixing and only one financial quotation is to be submitted. Name of the Bidder Address for Correspondence : : I/we hereby submit the commercial bid for conducting Security Audit of web applications of National Cadet Corps as per the Scope of work given in this tender document within the time specified and in accordance with the terms and conditions. The bidders are required to quote the rates in the following format. S. No. Description Cost (In Rs.) Tax Total Cost (Rs.) 1 Website security audit and report generation 2 Fixing of vulnerabilities and issue of Security Certificate Note:- Grand Total 1. The rate should not be provided as a percentage figure but in absolute Indian Rupees. 2. The rate quoted must be reasonable and valid for a period of at least three months from the date of opening of the commercial bid. 3. Commercial bid should be signed and stamped.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback