Cybersecurity Capability Maturity Program Assessment Services

The Vendor is required to provide to conduct a series of interviews, information gathering, and assessment activities.
- The outcome of this external assessment is to help us understand the maturity of the cybersecurity program across all sites, and to gather recommendations for improvement if there are areas that are below the desired target maturity state.
- The assessment should offer an evaluation of maturity to target state, to industry benchmark, and should offer recommendations for improvement for domains that are below target maturity.
- Review previous external assessments to understand the approach, executive outputs etc. so that the deliverables can be consistent, even as the maturity framework being assessed changes.
- The product produced should include an executive report for each of the systems, a comparison to industry benchmark, and a detailed report for each system that includes the program assessment, the desired target state, and an improvement recommendation roadmap for any domains that are below target state.
- The program maturity for each CSF domain should be based on this information gathering effort, and should show maturity against desired target state.