Security Assessments Services

The Vendor is required to provide a security assessment is a measurement of the security posture of a system or organization.
- Security assessment is a consultative service and includes passive review, hands-on examination, and/or application and infrastructure testing.
- Information learned through the security assessment may be used to meet Federal, State, or other requirements and influence Information Technology (IT) decisions.
- Supplier will have a wide breadth of topical knowledge, access to specialized toolsets, and an economy of scale making available the best staff to perform the services necessary including:
•    Security assessment methodologies and best practices
•    Multiple security regulations and frameworks
•    Federal and State compliance
•    Employing technical and non-technical testing and analysis methodologies
•    Ability to test a multitude of technologies including cloud, on premise, network, infrastructure, and application
•    Measuring and reporting risk
•    System and Security Plans (SSP)
- These activities include an independent security assessment of selected controls.
- Assessment has historically been performed by an internal analyst, but this approach is unable to support the level of knowledge required to perform this service.
- Overall methodology and capability for performing security assessments
- Application of industry acceptable auditing standards, including but not limited to:
•    Assessments done by industry acceptable certified and trained auditors
•    Independently performed audits
•    Proficient in requesting artifacts which are sufficient to support assessment needs
•    Can quickly understand entities environment in order to assess risk.

- Contract Period/Term: 3 years
- Intent to Respond Date: November 21, 2025
- Questions/Inquires Deadline: November 26, 2025