INSTITUTE OF GENOMICS & INTEGRATIVE BIOLOGY (Council of Scientific & Industrial Research) Mall Road, Delhi

Similar documents
INVITATION OF BIDS FOR TENDER

TENDER DOCUMENT for Renewal of SonicWALL NSA 4500 and SonicWALL Enforced Anti-Virus & Anti-Spyware at NIHFW

TENDER FOR SUPPLY AND INSTALLATION OF COMPUTER SYSTEM, SOFTWARE & UPS.

TENDER DOCUMENT NATIONAL INSTITUTE OF PUBLIC FINANCE AND POLICY. New Delhi SUPPLY OF LAN EQUIPMENTS AND INSTALLATION OF LAN IN THE CAMPUS

Bidding Document. Renewal and Maintenance Support of Intrusion Detection System / Intrusion Prevention System (IDS/IPS)

TENDER FOR RENEWAL OF EXISTING KASPERSKY ANTIVIRUS LICENSES FOR USE AT NIT, KARACHI

Website:

ADMINISTRATION DEPARTMENT TENDER FOR RENEWAL OF EXISTING KASPERSKY ANTIVIRUS TOTAL SECURITTY FOR BUSINESS LICENSES FOR USE AT NIT KARACHI

TENDER FOR SUPPLY AND INSTALLATION OF COMPUTER SYSTEM, SOFTWARE, PRINTER & UPS.

Quotation Notice. S/d DIRECTOR

Notice inviting Tender for Web site design & Development

OIL AND GAS REGULATORY AUTHORITY *******

Hard Disk: 1 TB TFT (LED) Monitor 21

Sybase Database Details. Data Device Usage. Transaction Log Segment Usage

Government of Bihar Bihar Institute of Public Administration and Rural Development(BIPARD) WALMI Complex, Phulwarisharif Patna

Last Date of Submission : March 19, 2012 up to 3:00 p.m.

No. NIQ14/2017/IND14366 Dated:

NOTICE INVITING TENDER FOR ISO CERTIFICATION

TENDER CONTENTS 1. TECHNICAL BID

Rajya Sabha Secretariat Rajya Sabha Television 3 rd &4 th Floor, Talkatora Stadium Annexe Building, New Delhi

No.19013/3/2016--Genl Government of India Ministry of Textiles (General Section) Udyog Bhawan, New Delhi Dated October, 2016.

ICSI HOUSE, 22 INSTITUTIONAL AREA, LODI ROAD NEW DELHI Quotation for Rate Contract for Supply of Computer Consumables for Six Months

Tender Document. Ref. No.: NIT/AMU/CPCC-01/ThinClient/ For. Procurement of Thin Client Solution

THE INSOLVENCY PROFESSIONAL AGENCY CMA BHAWAN, 3, INSTITUTIONAL AREA, LODHI ROAD, NEW DELHI

Indian Institute of Corporate Affairs. Ministry of Corporate Affairs (Govt. of India)

SHIVAJI COLLEGE, UNIVERSITY OF DELHI RAJA GARDEN, RING ROAD NEW DELHI NOTICE INVITING TENDERS

(B) General Conditions of Tender:- (C) Liquidated damages for delay in supply:-

OIL AND GAS REGULATORY AUTHORITY *******

Indian Institute of Technology, Kharagpur Kharagpur , WB, India

Please note that your offer should be only in the enclosed format duly signed by the authorised signatory on each page along with seal of your firm.

Central Office, Information Technology/BPR Dept., 2nd Floor, Jeevan-Seva Annexe, Santacruz (W), Mumbai

ICSI HOUSE, 22 INSTITUTIONAL AREA, LODI ROAD NEW DELHI Ref: ICSI/PC-2015/RFQ-2632 Date: August 07, 2015 STORES FOR ONE YEAR

Biotech Consortium India Limited

CHECK LIST FOR BIDDERS / APPLICANTS. 2. The following documents form part of the BID and should be submitted with BID:

GUJARAT TECHNOLOGICAL UNIVERSITY

Request for Proposal (RFP)

NATIONAL INSTITUTE OF TECHNOLOGY PUDUCHERRY Thiruvettakudy, Varichikuddy (Post) Karaikal Tender Document. For

OIL AND GAS REGULATORY AUTHORITY Plot No. 54-B, Fazal-e-Haq Road, Blue Area, Islamabad Ph: ********

98 Years of Relentless Journey towards Engineering Advancement for Nation-building. Ref : SP/T-1623 Date : NOTICE INVITING TENDER

BID FORM. FOR COMPREHENSIVE ANNUAL MAINTENANCE CONTRACT OF IBM SERVERS (11 Nos.), HP SERVERS (02 Nos.)& KVM Switch (02 Nos.

THE INSTITUTE OF COMPANY SECRETARIES OF INDIA ICSI HOUSE, 22 INSTITUTIONAL AREA, LODI ROAD NEW DELHI TENDER DOCUMENT

Tender No. 61/20(83)/506/STPI-BH/2015, Dt: 06/04/2015. RFP for Supply, Installation and Commissioning of firewall at STPI- Bhubaneswar ISSUED BY

Tender for Purchase of One Number of Chassis & One Number of Blade Server for Permanent Campus of the Institute at Okhla Phase-III, New Delhi

INDIA TOURISM DEVELOPMENT CORPORATION LIMITED Unit : Ashok Travels & Tours, Bangalore

SUB : Tender of Printers for undertaking Printing Job.

TENDER FOR SUPPLY & INSTALLATION DESKTOP COMPUTERS. Tender No. - NTSC/WST/Computer/ /92A

Name of the Tenderer: Address:

ENQUIRY NO.: IIT/ECE/ENQ/GCF/1/ Date: 26/07/2017 INVITATION FOR TENDER FOR SUPPLY OF EQUIPMENT

Centre for Development of Imaging Technology (CDIT) Chithranjali Hills, Thirvallom PO, Thrivananthapuram (An Autonomous Body under Govt.

Indian Institute of Engineering Science and Technology, Shibpur Howrah Advt. No. DE/D(AA)/16/71 dated 16/12/2016 TENDER

WEBSITE NOTIFICATION

BOXING FEDERATION OF INDIA

GAUHATI UNIVERSITY INSTITUTE OF SCIENCE AND TECHNOLOGY GopinathBordoloi Nagar, Guwahati Telephone No.:

VENDOR HELP MANUAL E-Auction Vendor Help Manual. Central Public Work Department

Payment Card Industry (PCI) Data Security Standard

Special instructions to Bidders for e-tendering

RFP FOR INFORMATION SYSTEM AUDIT

Gram:CENBOSEC, Delhi-92 Phones: rodelhi. Website:

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

GUJARAT VIDYAPITH ASHRAM ROAD, AHMEDABAD Phone No.: / Fax No : Website: www. Gujaratvidyapith.

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Request For Quotation from Service Providers. for. Appointment of Consultant for Migration to ISO/IEC 27001:2013 alongwith Implementation for UTIITSL

WEBSITE NOTIFICATION

PONDICHERRY UNIVERSITY PURCHASE & STORES. Tender Notification

NOTICE INVITING TENDERS (NIT)

BANK OF BARODA REGIONAL OFFICE ANAND (GUJARAT STATE) TENDER NOTICE ELECTRICAL AUDIT WORK FOR BANK OF BARODA, ANAND REGION, GUJARAT STATE

Directorate of Horticulture, Bihar

Payment Card Industry (PCI) Data Security Standard

WEBSITE NOTIFICATION

HIGH COURT OF HIMACHAL PRADESH, SHIMLA

Telecommunications Consultants India Ltd. (A Government of India Enterprise)

Merchant Certificate of Compliance

PROVISION, INSTALLATION, COMMISIONING & DEPLOYMENT OF BLADE SERVERS WITH CHASSIS

Tender Schedule No. Figure: Active-Active Cluster with RAC

GLOBAL TENDER NOTICE NO.: 05/ Last date of receipt of the sealed quotations: Upto 3 P.M. of

Payment Card Industry (PCI) Data Security Standard

INSTRUCTIONS TO BIDDERS

IIM Sambalpur NOTICE INVITING TENDER FOR 100 MBPS (1:1) LEASED LINE INTERNET CONNECTION AT IIM SAMBALPUR CAMPUS FOR ONE YEAR (E-PROCUREMENT MODE ONLY)

Quotations IV of inviting Re- Quotations

Tender No. : ITS/TNDR/AMC/17-18/02 dated 16/04/2018

PCI Compliance Assessment Module with Inspector

WEBSITE NOTIFICATION NOTICE INVITING APPLICATIONS FOR EMPANELMENT OF ARCHITECTS/ CONTRACTORS/ CONSULTANTS

Last date for submission of the bid is 30/04/2018 before 2.00 PM

HIGH COURT OF HIMACHAL PRADESH, SHIMLA

NATIONAL INFORMATICS CENTRE SERVICES INCORPORATED (A Government of India Enterprise under NIC) MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

TECHNICAL & FINANCIAL BID

NOTICE INVITING TENDER Central Purchase Committee for Computers (CPCC), Aligarh Muslim University, Aligarh (U.P.), INDIA

HOOGHLY PRINTING CO. LTD. (A

OFFICE OF THE REGISTRAR::GAUHATI UNIVERSITY TENDER NOTICE FOR SUPPLY OFEQUIPMENTS

University of Sunderland Business Assurance PCI Security Policy

IS Audit of Stock Brokers

Development Authority of the North Country Governance Policies

E - Tender. For. Procurement of Exclaimer Signature Manager for Microsoft Office 365 Cloud Solution for Export-Import Bank of India

Tender No. : ITS/TNDR/AMC/17-18/02 dated 20/04/2017 AMC FOR 24 SERVERS, 2 STORAGES AND KVM SWITCHES AT LHO MUMBAI

No: NHM/MIS/COMP/2338/ /22216 Dated: 17/03/2015. Corrigendum - 1

No. 10(02)/2016-NICSI

Enq. No. IIITMK/ 0612 /18 Date: 12/03/2018 Due on: 26/03/2018 4pm

MSRDC OFFER DOCUMENT. Procurement of. Desktops, Printers and Laptop at MSRDC Office in Mumbai. September 2018

Transcription:

INSTITUTE OF GENOMICS & INTEGRATIVE BIOLOGY (Council of Scientific & Industrial Research) Mall Road, Delhi-110007 Tender documents Tender No. IGIB/IT/Security/2016 Name of work: INFORMATION SECUIRTY AUDIT OF WEB SERVER FOR PGI At CSIR-IGIB Last date of submission of tender: 23.03.2016 upto 3:00 PM Due Date of Opening of Tenders: 23.03.2016 at 3:30 PM S. No. DESCRIPTION PAGE NO. 1. Notice inviting tender 2 2. Scope of Work for Information Security Audit 3 3. Terms & Conditions 5 4. Documents Required 7 5. Format for Financial Bid 8 6. Security Compliance Certificate 9 Note: Bidders should confirm receipt of all the pages (Total 10 pages) of tender document. All the pages issued are to be returned along with the requisite documents (photocopies to be self attested by the bidders), duly signed and stamped by the bidders, while submitting tender.

INSTITUTE OF GENOMICS & INTEGRATIVE BIOLOGY (Council of Scientific & Industrial Research) Mall Road, Delhi-110007 NOTICE INVITING TENDER Tender No. IGIB/IT/Security/2016 INFORMATION SECUIRTY AUDIT OF WEB SERVER FOR PGI At CSIR-IGIB CSIR-Institute of Genomics & Integrative Biology (IGIB) is a premier Institute of Council of Scientific and Industrial Research (CSIR), engaged in research of national importance in the areas of genomics, molecular medicine, bioinformatics, proteomics and environmental biotechnology. Sealed tenders are invited in single bid system on behalf of Director, IGIB, Mall Road, Delhi from reputed and experienced CERT-in-empanelled agencies in the relevant field up to 03:00 p.m. on or before March 23, 2016, for the following work: Name of Work: CONDUCTING THE INFORMATION SECUIRTY AUDIT OF WEB SERVER FOR PGI. Primary objective of information security audit is to identify major vulnerabilities of the CSIR-IGIB web application for Payment Gateway Integration from internal and external threats. Once the threats are identified and reported the auditors should also suggest possible remedies. They also undertake a review of the Information security policy document and suggest additions and deletions in light of the integration of Payment Gateway. The duly filled in tender document along with the DD/FDR towards EMD of Rs 3,000/- in favour of Director IGIB payable at New Delhi will be accepted upto 3:00 PM on 23/03/2016. The tenders will be opened on the same day at 3:30 PM in the presence of the bidders or their representatives who wish to be present. The tenders received without EMD (to be enclosed in separate envelope) shall be summarily rejected and shall not be opened. Tenders received after prescribed date/time due to any reason will not be considered and rejected summarily. The Director, IGIB reserves the right with himself to accept or reject, in part or in full or all the tenders received without assigning any reasons thereof. Controller of Administration 2 Signature of Tenderer

Scope of Work for Information Security Audit CSIR-IGIB is hosting High Performance Computing facility in its Data Center at Mathura Road campus in New Delhi. Along with HPC, IGIB hosting many web servers, mail server, MIS, storage of nearly 2PB etc. in its Data Center. We have connected with National Knowledge Network (NKN) with 1Gbps link. Firewall has been configured for network security. Now CSIR-IGIB would like to have Payment Gateway integration to collect usage charges for sharing scientific equipments to other academic institutes/individuals. The Payment Gateway facility will also be used to collect fees during the PhD admission process. A small application has been developed by IGIB s internal IT person. To ensure that the web based application for PGI is free from security vulnerabilities the audit exercise will need to undertake the following activities: 1. Identify any security vulnerability on IGIB website including cross-site scripting, broken links/weak session management, buffer overflows, forceful browsing, form/hidden field manipulation, command injection, insecure use of cryptography, cookie posing, SQL injection, server miss-configuration, well known platform vulnerabilities, errors triggering sensitive information, leak etc. 2. Identification and prioritization of various risks to the IGIB web server. 3. Identify remedial solutions and recommendations for making the web application secure. 4. Undertake user profiling and suggest specific access methodologies and privileges for each category of the users identified. 5. The auditors will have to carry out an assessment of the vulnerabilities, threats and risks that exist in IGIB web server through Internet Vulnerability Assessment and Penetration Testing. This will include identifying remedial solutions and recommendations for implementations of the same to mitigate all identified risks, with the objective of enhancing the security of the system. The bidder will also be expected to propose a risk mitigation strategy as well as give specific recommendations to tackle the residual risks emerging out of identified vulnerabilities assessment. The IGIB web server should be audited as per the CERT-in standards. The auditor is expected to submit first level report which should contain: (i) A detailed report with security status and discovered vulnerabilities weakness and mis-configurations with associated risk levels and recommended actions for risk mitigations. (ii) Summary and detailed reports on security risk, vulnerabilities and audit with the necessary counter measures and recommended corrective actions to be undertaken by IGIB 3 Signature of Tenderer

6. After this first level report submitted by the auditors, IGIB will remove all the vulnerabilities with the help of internal developers and the auditor. The auditor has to submit the final audit report after the remedies/recommendations are implemented and confirmed with retest. 7. The Audit Firm/company has to submit a summary compliance report at the end of the assessment phase and the final report will certify the IGIB web server in compliance with the SBI standards and Form- C should be submitted to IGIB (in two copies). Technical details of the web server:- Website: www.igib.res.in hosted in the Data Center, CSIR-IGIB, (Near Sukhdev Vihar DTC Depot), Mathura Road, New Delhi 110 025. 1. CMS: Drupal 2. Web server: Apache (version: 2.2.3) 3. Front End: PHP 4. Back end: MySQL 5. OS & Version: RedHat Enterprise Linux 5.2 6. SSL Certificate & CA: SSL Certificate of CA: GlobalSign installed 4 Signature of Tenderer

TERMS & CONDITIONS 1. The Payment Gateway Integration (PGI) of web application is to be done with the State Bank of India (SBI) Payment Gateway services so the security audit certificate should be in compliance with the SBI standards (Form- C of SBI Payment Gateway Integration is attached herewith) 2. The envelope shall be prominently marked on top with "QUOTATION FOR CONDUCTING THE INFORMATION SECUIRTY AUDIT OF WEB SERVER FOR PGI. The envelope should be properly sealed. 3. The tenderer has to submit earnest money amounting to Rs.3,000/- in the form of A/C Payee demand draft/bankers Cheque from a nationalized Bank or postal order in favour of Director, IGIB payable at Delhi. In the absence of earnest money, the tender shall be rejected. 4. The EMD of the successful bidder (L1) will be retained as performance guarantee which will be refunded only after the satisfactorily completion of the contract. 5. The tenders should be sent to the office of COA, Room No. 320 at IGIB, Mall Road latest by 23-03-2016 upto 3:00 PM. The quotations will be opened on the same day at 3.30 PM at IGIB, Mall Road, Delhi. 6. Only those Organizations/firms registered with the CERT-in-empanelled are eligible for submitting the tender. 7. Incomplete or conditional tender will not be entertained. Optional tender will not be accepted. 8. The first round of security audit report should be submitted to CSIR-IGIB within 15 days after the work order issued by CSIR-IGIB and consecutive round reports if any should be submitted within 5 working days. 9. In case, the firm does not complete the audit work within the stipulated period from the date of confirmed work order, EMD submitted by the firm will be forfeited. 10. The tenderer can remain present himself /herself or his/her authorized representative at the time of opening the tender. 11. All the firms/organization participating in the Tender must submit a list of their owners/partners etc. along with their contact numbers and a Certificate to the effect that the firm/organization is neither blacklisted by any Govt. Department nor any Criminal Case is registered against the firm or its owner or partners anywhere in India be attached with this tender. Any firm/organization blacklisted by a 5 Signature of Tenderer

Govt./Semi Govt. Deptt. shall not be considered for this tender and tender will be rejected straightway. 12. The payment will be made only after submitting the final security audit certificate on completion of audit of website. 13. TDS as applicable will be deducted at sources at the rate decided by the Govt. from time to time which will be deposited by IGIB with the Income Tax Department. The Service Tax, if any, will be paid only if the agency/firm is registered with the Sevice Tax Department. 14. A copy of terms & conditions attached as and scope of work attached as duly signed by the tenderer, as a token of acceptance of the same should be attached along-with the tender 15. Firms/Organization will also have to assist in patching vulnerabilities if any after security audit for the platforms i.e. PHP/MySQL server at application level. 16. Incomplete offers/quotations or offers received without bids, earnest money will be rejected. 17. The right to accept or reject the tenders rests with Director, IGIB. Director, IGIB, however, does not bind itself to accept the lowest tender and reserves to himself the authority to reject any or all the tenders received without assigning any reason thereof. Tenders in which any of the particulars or prescribed information is missing or are incomplete in any respect or the prescribed conditions are not fulfilled are liable to be rejected. Tenders containing any additional conditions as remains are liable to be rejected. 18. All disputes and differences arising out of or in any way concerning this contract shall be referred to the sole arbitration of a person to be appointed by the Director, IGIB under the Arbitration & Conciliation Act, 1996. The award of the arbitrator so appointed shall be final and binding on both the parties. The arbitrator may with the consent of the parties extend the timing for making and publishing the award. 19. In case of dispute the venue of the arbitrator will be Delhi only. Legal proceeding if any will be subjected to the jurisdiction of the courts in Delhi only. 6 Signature of Tenderer

DOCUMENTS REQUIRED TO BE ATTACHED WITH BID IN THE FOLLOWING ORDER :- 1. E.M.D. in favour of Director, IGIB, Delhi amounting Rs. 3000/-. 2. Sale Tax/VAT Registration Certificate along with Tin No. 3. Copy of authorization with CERT-In empanelment. 4. Copy of terms and conditions duly signed with seal of the firm/organization, in token of acceptance of terms and conditions. 5. All the firms participating in the Tender must submit a list of their owners/partners etc. and a certificate to the effect that the firm is neither blacklisted by any Govt. Department nor any Criminal Case is registered against the firm or its owner or partners anywhere in India. 6. Financial bid in the attached format (Page No:8) 7. All Other supporting documents as required in the tender shall be attached. 7 Signature of Tenderer

Format for Financial bid (Information Security Audit for Payment Gateway Integration for one web server as per SBI Guidelines) S.No. Description of Service 1 Vulnerability Assessment & Penetration Testing 2 Web Application Audit 3 Compliance Audit as per SBI Guidelines consisting of the following categories of controls: Review of Technology Parameters Review of System Security Measures Review of Application and Data Security Measures Review of Work Procedure Review of Physical Security Audit Price (in Rs.) Taxes 4 Any Other Charges Grand Total Grand Total (in Words):... Total 8 Signature of Tenderer

FORM C Security Compliance Certificate Merchant should have the website evaluated by STQC (or NIC in the case of a Government dept. / agency) or any other security consultant empanelled with Cert-In and forward the Compliance Certificate signed and stamped by the security consultant & countersigned by the authorized signatory (Head of Dept.) of Merchant. A list of security consultants certified by Cert In can be found at http://www.certin.org.in/panelofauditors.htm. S. No. Parameters 1 VENDOR SITE COMPLIANCE CERTIFICATE (VSCC) SITE DETAILS: Site URL: Data centre /Premises address where the site is hosted: Whether Merchant has SSL certificate from Verisign or equivalent: For Govt of India/State Govt sites an equivalent SSL certificate from NIC/IDRBT is acceptable. The inspecting official is requested to specify in the column alongside the features of the SSL certificate implemented for the site. Security review - evidence Comments of the Security Consultant 2a 2b 3a 3b When was the last Application Security review done? Is there evidence to confirm that the findings have since been closed? Security review - evidence When was the last vulnerability assessment and External Penetration Testing done? Whether the latest version of Antivirus with up to date virus definitions is running on all appropriate systems. Is there evidence to confirm that the findings in vulnerability assessment and External Penetration Testing have since been closed? 9 Signature of Tenderer

System configuration & access control 4a 4b Whether the database and application servers are behind firewall? Confirm that no internet services like SMTP, HTTP, FTP run by default on any system. Please specifically confirm that these services do not run on Application and Database servers. Application and Data Security Measures 5 Whether care is taken to see that no net banking username and passwords or HPIN is collected/stored at merchant end? WORK PROCEDURE 6 7 8 Whether there is evidence to confirm that sufficient logs are maintained for all transactions to help establish a clear audit trail and assist in dispute resolution? Is the merchant capturing any of card details like Primary Account Number (PAN), Cardholder name, Service Code Expiration Date? If yes, then confirm Cardholder Data Environment (CDE) of merchant is PCI DSS certified. Confirm that merchant is not storing Sensitive Authentication Data as per PCI DSS i.e. Full magnetic Stripe data, CAV2/CVC2/CVV2/CID, PIN/PIN Block. Name of the Security Consultant Signature of the Security Consultant Seal 10 Signature of Tenderer

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback