Cybersecurity Assessment Services

The vendor is required to provide cybersecurity assessment, developing a roadmap for future improvements, and providing technical guidance appropriate to a public-sector government entity.
- Cybersecurity program including, but not limited to:
• Device level security for equipment such as routers, switches, wireless infrastructure, cameras, and printers;
• OS level security including local security policies, group policy, and patch management;
• Network security such as firewall and content filtering;
• Application-level security for line of business applications;
• Disaster recovery and continuity of operations;
• Physical security
- Perform an analysis of current IT policies and procedures:
• Identify deficiencies in existing policies and procedures;
• Identify policies and procedures that are lacking;
• Provide samples of policies and procedures that are needed
- Recommend priorities and items for improvement to the cybersecurity program.
- The successful firm will be responsible for designing and executing a comprehensive methodology to reassess the borough’s current cybersecurity safeguards based on the NIST CSF 2.0 framework.
- The assessment approach must include, but is not limited to, interviews with IT personnel and key system users, a thorough review of existing technical infrastructure, and an analysis of security measures implemented after agency 2021 cybersecurity assessment.
- The IT department contracts with a dedicated third-party security operations center (SOC) for the purposes of managed risk and response.
- A basic continuity of operations plan (COOP) exists for the agency but this plan does not specifically address cybersecurity incident response.
- Contract Period/Term: 5 years
- Pre-Proposal Conference Date: July 9, 2025
- Questions/Inquires Deadline: July 18, 2025