Expired
RFQ

Cyber Security – 07 PSEGLI Vulnerability Assessment/Penetration Test

LIPA NY

Important Dates

Deadline

Oct 20, 2025 3:00 PM

Deadline passed

Published

Oct 8, 2025

AI Overview

LIPA is requesting quotations from qualified cybersecurity vendors to conduct a comprehensive penetration testing assessment of PSEGLI's Enterprise and Operational Technology (OT) environments. The engagement includes:

(a) External Network Penetration Test: assessing public-facing systems and services hosted on-prem and in the cloud; identifying vulnerabilities exploitable from the internet; attempting controlled exploitation to validate risk; testing up to 100 IPs and a single principal DNS domain; performed remotely during business hours (Eastern Time).

(b) Internal Network Penetration Test: simulating an attacker with internal network access; testing segmentation between corporate IT and OT networks; evaluating Active Directory and identity management security; covering more than 1,000 active IPs, primarily Windows-based assets; may be conducted remotely using a vendor-provided virtual machine in bridged mode.

(c) Wireless Network Penetration Testing: performed during business hours (Eastern Time); covering 1 location with 2 SSIDs; may be performed remotely using a portable Wi-Fi testing appliance.

(d) Web Application Testing: conducting OWASP Top 10-based testing on critical web applications, including customer portals, billing systems, and SCADA web interfaces.

(e) Operational Technology (OT) Security Assessment: reviewing ICS/SCADA systems for exposure and vulnerabilities; validating network isolation and remote access controls; conducting non-disruptive testing in coordination with operations staff.

The objective is to identify vulnerabilities, assess risks, and provide actionable recommendations to strengthen cybersecurity posture. All testing must be conducted in a non-disruptive manner with pre-approved scheduling. Vendor must sign an NDA and comply with all applicable laws, regulations, and industry standards. All findings and reports are the sole property of The Long Island Power Authority.

PSEGLI maintains a primary and secondary (disaster recovery) site, and the scope includes systems and applications located at both sites.

Resources & Contact

Contact Information

Bobbi O'Connor

procurement1@lipower.org