
INSPECTOR GENERAL OF REGISTRATION & CONTROLLER OF STAMPS

Ground Floor, Opp. Vidhan Bhavan (Council Hall) New Administrative Building, Pune 411 001, Maharashtra

Ref: IGR/PuneDeskNo-3-Comp-Application Security/139-2012 dated 15/3/2011

REQUEST FOR PROPOSAL (RFP) FOR THE SELECTION OF APPLICATION SECURITY AUDIT AGENCY

2 F:\E Backup\Cyber Security Audit\RFP_Application_Security_Auditing_Agency_Final.doc

Important Information

Sr. No. | Events | Date/Place/Time

1 | Date of Issue | 15/03/2012

2 | Period for Issue of Tender | 15/03/2012 to 06/04/2012

3 | Tender Fees | Rs. 1,000/- (Rs. One Thousand only)

4 | Last Date for Submission of Pre-Bid Queries | 27/03/2012 (in writing and also by email at [email protected])

5 | Date, Time & Place of Pre-Bid Conference | 29/03/2012 at 11 A.M., Office of the Inspector General of Registration & Controller of Stamps, M.S., Pune, New Administrative Building, Ground Floor, Opp. Council Hall, Pune-411 001.

6 | Last Date, Time and Place for submission of Bids | 06/04/2012 till 3 P.M., Office of the Inspector General of Registration & Controller of Stamps, M.S., Pune, New Administrative Building, Ground Floor, Opp. Council Hall, Pune-411 001.

7 | EMD to be submitted as part of bid | As mentioned in Clause 3.6 in the RFP

8 | Period of Bid Validity | 180 days from the date fixed for submission of Bids, which can be extended, if required.

9 | Date, Time and Place of opening of the Prequalification Documents and Technical Proposals | 07/04/2012 at 11 A.M., Office of the Inspector General of Registration & Controller of Stamps, M.S., Pune, New Administrative Building, Ground Floor, Opp. Council Hall, Pune-411 001.

10 | Date of opening of the Commercial Proposal | Will be informed to the bidders after opening of Technical proposals.


Contents

1. INVITATION FOR BIDS ...... 4
2. SCOPE OF WORK ...... 5
3. INSTRUCTION TO BIDDERS ...... 6
3.1 PRE-QUALIFICATION CRITERIA ...... 6
3.2 PROJECT TIMELINES ...... 7
3.3 PROJECT DELIVERABLES ...... 7
3.4 TECHNICAL PROPOSAL ...... 7
3.5 FINANCIAL PROPOSAL ...... 7
3.6 EMD ...... 7
3.7 CLARIFICATION OF BIDDING DOCUMENT ...... 8
3.8 BID SUBMISSION ...... 8
3.9 BID EVALUATION & SELECTION ...... 8
3.10 AWARD AND DURATION OF THE WORK ...... 9
3.11 PERFORMANCE GUARANTEE ...... 9
3.12 PENALTY CLAUSE ...... 9
3.13 PAYMENT SCHEDULE ...... 10
3.14 MODIFICATION OF SCOPE OF WORK ...... 10
3.15 BID VALIDITY ...... 10
3.16 RIGHT TO REJECT ANY OR ALL PROPOSALS ...... 10
3.17 RESPONSIBILITIES OF THE SELECTED BIDDER ...... 10
3.18 OTHER TERMS & CONDITIONS ...... 11
Annexure 1 – PROPOSAL COVERING LETTER ...... 13
Annexure 2 – TECHNICAL BID FORMAT ...... 14
Annexure 3 – COMMERCIAL BID FORMAT ...... 17
Annexure 4 – DETAILS OF THE APPLICATION TO BE AUDITED ...... 18


1. INVITATION FOR BIDS

Department of Registration & Stamps, Government of Maharashtra has been leveraging e-Governance to improve the delivery of services to citizens and to improve the productivity and efficiency of the government. To this end, a number of projects such as eStepin, ePayment, iSARITA, SARITA3 etc. have been undertaken, and some of them have already been successfully completed.

In this regard, Inspector General of Registration & Controller of Stamps, Maharashtra State, Pune invites Proposals from reputed Application Security Audit Agencies with proven track records, for auditing the software applications developed by the department with the help of National Informatics Centre (NIC) Pune.

A complete set of Tender documents is available for download from the Department of Registration & Stamps, Government of Maharashtra website www.igrmaharashtra.gov.in. Interested eligible bidders can avail the same on payment of a non-refundable fee of Rs. 1,000/- (One Thousand only) through a Demand Draft drawn in favour of Assistant Inspector General of Registration, M.S., Pune and payable at Pune, which should be submitted along with the proposal.

Interested bidders may submit their proposal in the prescribed format as specified in Annexure 1, 2 and 3. The Agency would be selected on the basis of the bidders complying with the pre-qualification criteria and on the lowest commercial quote discovered through this tender.

The department reserves the right, without any obligation or liability, to accept or reject any or all of the proposals at any stage of the process, to cancel or modify the process or any part thereof, or to vary any of the terms and conditions at any time, without assigning any reason whatsoever. Any corrigendum will be uploaded on the Department of Registration & Stamps, Government of Maharashtra website www.igrmaharashtra.gov.in.

Inspector General of Registration & Controller of Stamps, Maharashtra State, Pune


2. SCOPE OF WORK

As part of the e-Governance initiatives, Inspector General of Registration & Controller of Stamps, Government of Maharashtra has developed various applications with the help of NIC. The selected bidder is expected to carry out the application security audit and vulnerability assessment for the following applications in two phases:

Phase 1 | SARITA3, iSARITA, eSearch, Index Search
Phase 2 | eStepin, eValuation, Website

For conducting these audits, the following minimum parameters are to be covered:

1. Application Security Audit
2. Penetration Testing
3. Vulnerability Testing
4. Database Server Controls
5. Physical Access Control
6. Network Security Review as part of Application Security
7. Application Security
8. Compliance Review
9. Performance Testing
10. Functional Testing
11. Accessibility Testing

Note:

1. Application Security and Vulnerability Assessment for all the applications should be carried out at the NIC office, Pune.

2. Additionally, for applications which are not hosted centrally (like SARITA 3 and Index Search), two samples are to be tested onsite: one in Mumbai and another anywhere else in Maharashtra. For applications which are already hosted (like iSARITA, eStepin etc.), testing shall also be done online. For further testing, if required in the vendor's lab, images will be provided by NIC. If requested by the agency, NIC will provide a staging environment of the applications for testing.


3. INSTRUCTION TO BIDDERS

3.1 PRE-QUALIFICATION CRITERIA

The bidders must comply with the following eligibility criteria, without which the bid will be rejected outright.

S# | Criteria | Reference / Details to be submitted

1 | The bidder must be a company registered under the Indian Companies Act, 1956 | Copy of Certificate of Incorporation

2 | The bidder must have been empanelled by CERT-IN, having an empanelment certificate valid up to 30th April 2012. | Copy of CERT-IN empanelment certificate

3 | The bidder should have been in operation for a period of at least 5 years as of 31-12-2011. | Copy of Certificate of Incorporation/Registration

4 | The bidder should have had a turnover of Rs. 1 crore from IT Security Audit services in each of the last three financial years (2010-11, 2009-10, 2008-09). | Extract of the audited Profit / Loss statement and Balance sheet along with Certificate from Chartered Accountant

5 | The bidder must have had at least 100 full time professionals in the IT Security Audit domain on its rolls, out of which at least 20 employees should hold either of the following certifications: Certified Information Security Auditor (CISA) / Certified Information Systems Security Professional (CISSP), as on 31 Dec 2011. | Relevant certificate from HR of the firm mentioning the resource name and the certification.

6 | The bidder should have experience of conducting at least 10 similar assignments (IT Audit/Application Audit) in Government and PSUs in India. | Copy of Contract or Completion certificate

7 | The bidder should have at least one office either in Mumbai or Pune as on 31st Dec 2011. | Address and contact number of the same should be provided


3.2 PROJECT TIMELINES

Phases | Applications | Maximum Timeline for Submission of Draft Reports (First Testing Reports)

Phase 1 | SARITA3, iSARITA, eSearch, Index Search | 2 months

Phase 2 | eStepin, eValuation, Website | 2 months

After submission of Draft Reports (First Testing Reports) for all the applications specified in Phase 1, the selected bidder should start with Phase 2's applications.

3.3 PROJECT DELIVERABLES

Following deliverables are expected from the selected bidder for each application as specified in the scope of work:

1. Submission of Draft Reports (First Testing Report) for Application Security Audit and Vulnerability Assessment
2. Submission of Final Report after necessary round of testing and acceptance by the department for Application Security Audit and Vulnerability Assessment
3. Compliance Security Certificate

3.4 TECHNICAL PROPOSAL

The Technical Bid shall include the bidder's compliance with the Pre-qualification criteria and a detailed project plan for executing the project. The bidder should also give details of the Project Management Methodology, Audit Standards and methodology, along with the quantum of resources to be deployed for the project and the qualifications and experience of personnel deployed, in the technical bid. The technical bid is required to be submitted in the format specified in Annexure 2.

3.5 FINANCIAL PROPOSAL

Following are the terms and conditions for the Financial Proposal:

i. This tender is for a fixed price bid.
ii. The financial proposal shall be priced in Indian Rupees.
iii. The Financial proposal should be submitted as per the template specified in Annexure 3.
iv. The quote should include all taxes except service tax.
v. The quotations shall be fixed and no adjustment shall be made to the contract value for any fluctuation arising following submission of tender.

3.6 EMD

An Earnest Money Deposit (EMD) of 3% of the commercial bid of the bidder in the form of a Demand Draft (refundable) favouring Assistant Inspector General Registration (Desk No 7), M.S., Pune and payable at Pune from a nationalized bank must be enclosed with the EOI response. EMD of all the unsuccessful bidders will be refunded as promptly as possible but not later than 30 days after the decision on the commercial bid is taken.


EMD of the successful bidders will be discharged only after the completion of the contract papers.

EMD shall be forfeited in the following cases:

If a bidder withdraws its bid during the period of bid validity.

In case of a successful bidder, if the bidder fails to sign the contract or to furnish the performance security.

3.7 CLARIFICATION OF BIDDING DOCUMENT

A pre-bid meeting is fixed for clarification in the office of the Inspector General of Registration & Controller of Stamps, Maharashtra State, Pune. In the event of any clarification/modification being required and issued in writing, it shall form part of the Tender document. Any corrigendum to the tender issued by the department will be uploaded on the department's website www.igrmaharashtra.gov.in.

3.8 BID SUBMISSION

Proposals shall be submitted in sealed envelopes as specified below:

i. Envelope 1: Tender Fees, Covering Letter, Compliance with Pre-qualification criteria and necessary supporting documents, and Technical details such as the detailed project plan, Project Management Methodology, Audit Standards and methodology along with the quantum of resources to be deployed for the project with their qualifications & experience shall be enclosed in a sealed envelope super-scribed "Technical Proposal for the selection of Application Security Audit Agency."

ii. Envelope 2: EMD and Commercial Bid shall be enclosed in the sealed envelope super-scribing as “EMD and Financial Proposal for the selection of Application Security Audit Agency.”

iii. The above two sealed envelopes should be submitted in one master envelope in sealed condition super-scribing “Proposal for the selection of Application Security Audit Agency” to the office of the Inspector General of Registration & Controller of Stamps, Ground Floor, Opp. Vidhan Bhavan (Council Hall), New Administrative Building, Pune 411 001, Maharashtra.

3.9 BID EVALUATION & SELECTION

A two-stage procedure (that is, Evaluation of Pre-qualification criteria and Financial Bid) will be adopted for evaluation of proposals. The process for evaluation of proposals is given below:

i. Evaluation of Pre-qualification Criteria: Preliminary scrutiny of the Proposals for eligibility will be done to determine whether the Proposals are complete and meet all the pre-qualification criteria. Proposals not conforming to any of the Pre-qualification criteria (as specified in clause 3.1) shall be rejected outright.

ii. Evaluation of Financial Bid: Only those bidders who comply with the Pre-qualification criteria should be eligible for Financial Bid evaluation. The evaluation of the financial bids shall be carried out considering the total cost of the project as per the template specified in Annexure 3.

iii. Selection of the Agency: The Agency would be selected on the basis of the lowest total commercial quote (L1) discovered through this tender.


3.10 AWARD AND DURATION OF THE WORK

On acceptance of a Proposal for awarding the contract, Inspector General of Registration & Controller of Stamps, M.S. Pune will notify the successful bidder in writing that their proposal has been accepted. The successful bidder shall sign an agreement with the department within 15 days from the issue of the work order. After signing of the agreement, no variation in or modification of the terms of the agreement shall be made except by written amendment signed by the parties. The successful bidder will be given a maximum of 30 days from the issue of the work order to start the work, failing which the project will be awarded to the second lowest commercial quote (L2) and so on. The successful bidder is expected to submit the Draft Report (First Testing Report) within a maximum timeline of 4 months from the commencement of work.

3.11 PERFORMANCE GUARANTEE

The successful bidder shall be required to make a Security Deposit towards Performance Guarantee in the form of a Bank Guarantee for an amount equal to 10% of its commercial bid. The proceeds of the performance security shall be payable to the department as compensation for any loss resulting from the Bidder's failure to complete its obligations under the Contract.

The Performance Security shall be denominated in Indian Rupees and shall be in the following form: a Bank Guarantee issued by a nationalized bank in India within 7 days after the issue of the work order. The validity of the Performance Security will be till the end of the contract period of the selected bidder with the department. The Performance Guarantee will be forfeitable for non-performance.

3.12 PENALTY CLAUSE

The successful bidder is expected to submit the Draft Report (First Testing Report) within a maximum timeline of 3 months from the commencement of work for all the applications. In case of any delay solely on account of the selected bidder's fault, a penalty of 5% will be imposed for every week of delay or part thereof, subject to a maximum of eight (8) weeks' delay from the scheduled target date. Beyond a delay of eight (8) weeks, the department reserves the right to either terminate the project or ask the selected bidder to complete the project without any extra fee.

a. In the event of the department deciding to continue the project, the penalty so computed based on the number of weeks of actual delay will be deducted from the balance fee payable to the selected bidder.

b. In the event of the department deciding to terminate the project, the selected bidder will have to pay the penalty so computed based on the number of weeks of actual delay, failing which the department reserves the right to invoke the bank guarantee submitted by the selected bidder.


3.13 PAYMENT SCHEDULE

Sr. No. | Stages | Payment

1 | Submission of Draft Reports (First Testing Report) | 50% of the total project cost

2 | Submission of Final Report after necessary round of testing and acceptance by the department | 30% of the total project cost

3 | Issuance of Compliance Security Certificate | 20% of the total project cost

i. The above payment schedule is applicable for each phase of the project as specified in the scope of work.
ii. TDS will be deducted at source for any payment made, as per rules of Government of India.
iii. Department will neither provide nor reimburse expenditure towards Out of Pocket Expenses (OPE).

3.14 MODIFICATION OF SCOPE OF WORK

The department may at any time, by a written order given to the Bidder, make changes to the scope of the Contract as specified. If any such change causes an increase or decrease in the cost of or the time required for the Bidder's performance of any part of the work under the Contract, whether changed or not changed by the order, an equitable adjustment shall be made in the Contract Value or time schedule, or both, and the Contract shall accordingly be amended. Any claims by the Bidder for adjustment under this Clause must be asserted within ten (10) days from the date of the Bidder's receipt of the department's change order.

3.15 BID VALIDITY

The offers should be valid for 180 days from the date of closing of the tender.

3.16 RIGHT TO REJECT ANY OR ALL PROPOSALS

Notwithstanding anything contained in this RFP, the department reserves the right to accept or reject any Proposal, at any time, without any liability or any obligation for such acceptance, rejection or annulment, and without assigning any reasons therefor.

3.17 RESPONSIBILITIES OF THE SELECTED BIDDER

The audit agency shall ensure that:

1. The audit is carried out strictly in accordance with the terms and conditions stipulated in the audit assignment contract as well as the general expectations of the auditee from an auditor.

2. All applicable codes of conduct and auditing standards are adhered to with due professional care.

3. One hardcopy and one softcopy of all deliverables are submitted to the department.

4. The audit assignments are carried out in accordance with applicable best industry guidelines and standards. NIC guidelines should be taken as the minimum standard for executing the assignment.


3.18 OTHER TERMS & CONDITIONS

a. The end product of the work assignment carried out by the selected bidder, in any form, will be the sole property of the department.

b. Subcontracting/Outsourcing of work: Outsourcing / subcontracting of work will not be permissible in any form. The selected bidder, after the award of the contract pursuant to this RFP, shall not subcontract, transfer, or assign any portion of the contract, and if awarded a contract pursuant to this RFP, the selected vendor shall be solely and wholly responsible for performing the work. Subcontracting/outsourcing will lead to termination of the contract and forfeiture of the Performance Guarantee.

c. The selected bidder shall perform the services and carry out its obligations under the contract with due diligence and efficiency, in accordance with generally accepted techniques and practices used in the industry, and shall observe sound management practice. It shall employ appropriate advanced technology and safe and effective methods. The selected bidder shall always act, in respect of any matter relating to this Contract, as faithful advisor to the department and shall at all times support and safeguard the department's legitimate interests.

d. Force Majeure: If the performance as specified in this order is prevented, restricted, delayed or interfered with by reason of:

i. Fire, explosion, cyclone, floods;
ii. War, revolution, acts of public enemies, blockage or embargo;
iii. Any law, order, proclamation, ordinance, demand or requirement of any Government or authority or representative of any such Government, including restrictive trade practices or regulations;
iv. Strikes, shutdowns or labour disputes which are not instigated for the purpose of avoiding obligations herein; or
v. Any other circumstances beyond the control of the party affected,

then, notwithstanding anything hereinbefore contained, the party affected shall be excused from its performance to the extent such performance relates to the prevention, restriction, delay or interference, provided the party so affected uses its best efforts to remove such cause of non-performance, and when it is removed the party shall continue performance with utmost dispatch.

e. Arbitration: Any dispute shall first be sorted out at the level of Deputy Inspector General of Registration-IT (DIG-IT). If the dispute remains unresolved, it will be entertained, heard & finalised as per the provisions of the Arbitration and Conciliation Act, 1996. The arbitrator will be the Inspector General of Registration & Controller of Stamps, whose decision shall be final and binding on the bidder. The bidder shall raise the dispute or difference within 30 days from the date of its arising. This contract will be governed by Indian law, and disputes not resolved at the arbitration level will be heard and proceeded with in the High Court of Mumbai.

f. Confidentiality: During the execution of the project, except with the prior written consent of the department, the agency and its personnel shall not at any time communicate to any person or entity any confidential information acquired in the course of the auditing. All recipients of tender documents, whether they submit a tender or not, shall treat the details of the documents as private and confidential. Copyright in the documents prepared by the bidder is reserved to the department.


The agency shall ensure that its employees, servants, agents and sub-contractors keep confidential all information, in whatever form it is obtained, produced or derived from or related to the carrying out of its obligations under these terms and conditions as well as the Contract with the department.


Annexure 1 – PROPOSAL COVERING LETTER

To,

Inspector General of Registration & Controller of Stamps,

Maharashtra State, Pune

Subject: Request for Proposal (RFP) for the selection of Application Security Audit Agency Reference: No:

Dear Sir,

Having examined the tender documents, we, the undersigned, offer to provide the said services in conformity with the terms and conditions specified in the RFP and attach our Technical and Commercial Proposal as per the template specified.

We hereby declare that all the information and statements made in this proposal are true and accept that any misrepresentations contained in it may lead to our disqualification.

We would like to clearly state that we qualify for this work as our company meets all the pre-qualification criteria indicated in your tender document. The details are as under.

We hereby declare that our company has not been debarred/blacklisted by any Government/Semi Government/Private organization. I further certify that I am the competent authority in my company authorized to make this declaration.

Unless and until a formal agreement is prepared and executed this proposal together with your written acceptance thereof shall constitute a binding contract between us and shall be deemed for all purposes to be the contract agreement. We understand that you are not bound to accept any proposal you receive.

Yours sincerely,

Authorized Signatory (in full & initials):

Name and Title of Signatory:

Duly authorized to sign the bid for and on behalf of:

Address

Dated on _____ day of ___________


Annexure 2 – TECHNICAL BID FORMAT

I General Information

Sr. No. | Items | Details

1 | Details of the Company |
Name of the Company:
Address:
Telephone No. (with STD code):
Fax No.:

2 | Authorised Person |
Name:
Mobile No.:
Email id:

II Pre-qualification Criteria

Sr. No. | Criteria | Yes/No | Details | Page No. (Give page reference where proof is given)

1 | The bidder must be a company registered under the Indian Companies Act, 1956 | | |

2 | The bidder must have been empanelled by CERT-IN, having an empanelment certificate valid up to 31st March 2012. | | |

3 | The bidder should have been in operation for a period of at least 5 years as of 31-12-2011. | | |

4 | The bidder should have had a turnover of Rs. 1 crore from IT Security Audit services in each of the last three financial years (2010-11, 2009-10, 2008-09). | | |


5 | The bidder must have had at least 200 full time professionals in the IT Security Audit domain on its rolls, out of which at least 20 employees should hold either of the following certifications: Certified Information Security Auditor (CISA) / Certified Information Systems Security Professional (CISSP), as on 31 Dec 2011. | | |

6 | The bidder should have experience of conducting at least 10 similar assignments (IT Audit/Application Audit) in Government and PSUs in India. | | |

7 | The bidder should have at least one office either in Mumbai or Pune as on 31st Dec 2011. | | |

III Technical Details

Sr. No. | Items | Details required

1 | Project Plan | A detailed project plan should be mentioned in the proposal.

2 | Project Management Methodology, Audit Standards and methodology | A detailed approach & methodology for undertaking the assignment should be specified in the proposal.

3 | Resources | No. of resources to be deployed along with their qualification and experience should be specified.

4 | Description of Past experience | To be specified as per the format below

Citation Format

Assignment Name:
Approx. Value of the Contract (Rs):
Country:
Location within Country:
Duration of assignment (months):


Name of Client:
Start Date (month/year):
Completion Date (month/year):
Narrative Description of the Project:
Description of actual services provided in the assignment:


Annexure 3 – COMMERCIAL BID FORMAT

Sr. No. | Phases | Cost for Application Security Audit & Vulnerability Assessment (Operating system, Database & Web Server) (in Rs.)

1 | Phase 1 (SARITA3, iSARITA, eSearch, Index Search) |

2 | Phase 2 (eStepin, eValuation, Website) |

| TOTAL COST |

Authorized Signatory (in full & initials):

Name and Title of Signatory:

Name of the Firm:

Address

Note: The bidder should consider the following while providing their quote:

The quote should include all taxes except service tax.

The Agency would be selected on the basis of the lowest commercial quote (L1) discovered through this tender.

The department reserves the right to allocate the work to the selected agency phase wise or together as a whole, however, only one agency should be selected for the entire work (for both Phases 1 and 2).


Annexure 4 – DETAILS OF THE APPLICATION TO BE AUDITED

1 | Organization Name & Address | Department of Registration, Office of Inspector General of Registration & Controller of Stamps (IGRO), Govt. of Maharashtra, Pune.

2 | Application Description | Online token booking; Annual Rate Display; modification and updation of static contents of the web site; addition, updation & deletion of dynamic contents of the web site.

3 | i. Where is the target application hosted? ii. Whether accessible remotely from Internet? iii. URL of the application for Staging and/or Production Server. | i. Hosted @ NIC domain; ii. Yes; iii. http://igrmaharashtra.gov.in (except iSARITA and SARITA 3)

4 | Operating System (e.g. Windows2003, AIX, Solaris etc) | Windows 2003 R2 / 2008; Windows 7; Open SUSE Linux 11.4

5 | Web/Application Server with version (e.g. IIS 5.0, Apache, Tomcat etc.) | IIS 6.0 / IIS 7.0

6 | Server side scripts (e.g. asp, jsp, php etc.) | ASP.NET 2.0

7 | Database at backend (Oracle, MS SQL, MySQL etc.) | MS SQL 2005 & PostgreSQL 8.4

8 | Database access type (Read Only, Read/Write) | Read/Write

9 | Type of cryptography used for storage and transmission of data and credentials. | No cryptography is used for transmission of web contents; for credentials, MD5 with salt is used.

10 | Type of Authentication (Basic/Form Based/Certificate Based) used | Basic (Custom developed)

11 | Authorization: No. of roles and type of privileges for the different roles. | Public: View; Dept. Users: Modify / View; Admin: Update/delete/insert/view

12 | Provision of ecommerce / Payment gateway | No


13 | Brief description about security functions or mechanisms used in the application. (e.g. Authentication, Authorization, Input Data Validation, Exception handling, audit and logging, session management, sensitive data handling etc.) | Web Security Audit completed. Authentication, Authorization, Input Data Validation, Exception handling, audit and logging, session management, sensitive data handling etc. have been taken care of.

14 | Site users (Closed user group and/or open to public) | Open to Public; Department Users; Web Administration

15 | Whether the site contains any content management module? Which module? | No

16 | Total Size of the Website in MB and in no. of pages | 155 MB, around 100 pages

17 | Total no. of form fields in the user input pages. | Around 600 fields

18 | Availability of documentation such as SRS, Manual etc. (May be enclosed, if available) | SRS, User Manual & online help

1. How many servers are there in the target Network?

Every SRO has a LAN. The LAN consists of one server and two desktops. At present the LAN is isolated from any network; however, it will shortly be in the MPLS VPN of IGRO. The Web portal is in the NDC of NIC, Pune.

2. What are the operating systems used? How many servers in each type?

No | OS | No of servers | Comments

1 | Windows 2003 (Application Server) | 1 | In NIC, Pune. Website "igrmaharashtra.gov.in" is hosted on this server

2 | Windows 2003 (Database Server) / Open SUSE Linux 11.4 | 1 | In NIC, Pune. Database of eStepin, eASR, eSearch is on this server

3 | Linux (Open SUSE) | 1 | At each SRO. All devices in the LAN have fixed IPs. SA & VA will be done at two SROs.

4 | Windows 2007 | 2 | Desktop at each SRO

3. What are the network/security devices in the target network? (MPLS VPN of IGRO)

(Network is under revision)

No | IP Enabled devices | No of Devices | Comments

1 | Routers | 2 |


2 | Switches | 5 |

3 | Firewalls | 2 |

4 | IDS | 2 |

4. Name version, type and OS of network devices routers/switches

(Network is under revision)

No | IP Enabled devices | Model and Version | Comments

1 | Router | CISCO ASR 1000 |

2 | Switches | CISCO GSR 12410 |

5. Name version, type and OS of security devices firewalls/IDS/IPS

(Network is under revision)

No | IP Enabled devices | Model and Version | Comments

1 | FIREWALL | Checkpoint 5070 |

2 | IPS / IDS | McAfee |

6. What are the applications/services running?

No | Name of the Server | Applications/Services | OS

1 | Application Server | IIS | Windows

2 | eStepin | | Windows

3 | ASR | | Windows

4 | Website | http://igrmaharashtra.gov.in/ |

7. Are there servers accessible from Internet? Yes

8. If yes, name the applications/services/servers accessible from the Internet

No | Name of the Server | Applications/Services | OS

1 | Application Server | http://igrmaharashtra.gov.in/ | Windows


9. Name the applications/services/servers accessible from the Intranet? Yes

(Network is under revision)

No | Name of the Server | Applications/Services | OS

1 | application | http://10.168.105.6 | Windows

10. Are there access lists in routers/switches? Yes

11. Is remote access to the network (Dial-in/VPN etc.) allowed? (If yes give details) NIC VPN