The vendor is required to provide a cybersecurity risk assessment. A cybersecurity risk assessment was previously completed in late 2024/early 2025 via k24-0085-29 and awarded to Enterprise Risk Management, Inc., dba ERM Protect, on 06/28/2024 in the amount of $45,000.00.
- Cybersecurity risk assessment
• Measure the judiciary’s implemented controls and practices against the NIST CSF version 2.0 control categories to include:
o Govern,
o Identify,
o Detect,
o Protect,
o Respond, and
o Recover.
• Conduct a cybersecurity framework (CSF) implementation tiers assessment on the degree to which overall cybersecurity risk management practices are incorporated into information technology processes and improvements made since the last assessment was performed.
• The implementation tiers include:
o Partial,
o Risk-informed,
o Repeatable, and
o Adaptive.
• Prepare a mapping matrix of the NIST standards being met and link those standards to the most recent version of:
o NIST 800-171 controls, and
o NIST 800-53 controls.
• Conduct a review of NIST assessment data from previous years to perform a gap analysis and measure year-over-year performance and build upon previous year assessment results.
• Validate the existence and effectiveness of cybersecurity controls through documentation review, interviews, questionnaires, and supporting evidence rather than solely relying on policy review.
- Assessment methodology
• Staff and personnel interviews,
• Questionnaires,
• Requests for documentation,
• Specific support evidence,
• Workbooks,
• Reports, and
• Other pertinent information relevant to the assessment.
- Intent to Bid Due Date: April 13, 2026