MQ1
- Proposer must provide at least three (3) similar projects in the past five (5) years.
- Client name and type of organization (government, private corporation, etc.).
- Project start and end dates.
MQ2
- Proposed Candidates(s) and/or Resume Profile(s) must have a minimum of seven (7) years of experience in technology with PCI DSS.
MQ3
- Proposed Candidates(s) and/or Resume Profile(s) must have a current PCI DSS QSA certification and be able to provide a copy of certifications.
MQ4
- Airport will arrange for a hybrid schedule for this resource(s); however, final candidates must be able to work onsite when required. Proposed Hourly Pricing shall account for any travel expenses that may be incurred, conus guidelines.
MQ5
- Candidates must be a citizen of the United States, Canada, United Kingdom, Australia, or New Zealand with ability to work in the United States. Each resident engineer must also pass a TSA threat-assessment before they begin work at the Airport.
Task 4: PCI-DSS
- Provide Cybersecurity Professional Services to address requirements for maintaining
- Payment Card Industry – Data Security Standard (PCI-DSS) compliance. Consulting Professional
- Services includes quarterly submittal of independent monthly network scan audits and annual independent audit by a PCI-DSS Qualified Security Assessor (QSA), including a signed PCI SAQ-D for the three SFO
- Business Units in the Airport’s CDE.
Task 4 Deliverables:
- Creating and updating policies and procedures for the Payment Card Industry (PCI) Data Security Standard (DSS) 4.01
- Interviews and meetings will be conducted to ensure PCI requirements are well-understood by SFO staff and that the documented processes accurately reflect current and/or future SFO Operations.