Open nalinimartinez opened 6 years ago
This will have to be determined in collaboration with the JAB. It should be the standard 1/3 controls plus the default set. There are no agency-specific controls.
We estimate no more than 10 SCRs, with variable level of effort. We don’t have the exact changes planned this far in advance - the idea would be to scope out each change as needed.
Vulnerabilities identified in our last annual assessment in our SAR, which have been remediated and will likely need 3PAO validation as part of the next annual assessment:
3.1. Penetration testing vulnerabilities: 2
3.2. Vulnerability scanning vulnerabilities: 7
3.3. Control vulnerabilities: We don’t have this as a separate category - each vulnerability has an associated control.
3.4. Manual Testing vulnerabilities: 17
We scan all VMs in the system using automated scanners (Nessus and OWASP ZAP).
This will have to be determined in collaboration with the JAB.
No
We have 13 dynamic web applications. Most of these are internal deployments of open source web applications, such as Kibana, Concourse, Prometheus, and Grafana.
About 135
Question
Name and affiliation
Nalini Martinez
Director, Sales
Kratos SecureInfo
Voice: 703.668.1012
Nalini.Martinez@KratosSecureInfo.com
I am a director of sales working for Kratos and will be acting as the interface for communication between Kratos and GSA.
Section of RFQ documents
RFQ #1322561: Section 3.0 (Requirements)
Questions