Cybersecurity Services

The vendor is required to provide for cybersecurity innovation and outreach (CYIO) has secured funding to provide cybersecurity services to state and local government entities in state.
•    Cybersecurity assessment
•    Asset and services inventory
•    Cybersecurity incident management exercise (CIME) facilitation
1. Cybersecurity assessment
•    Reviewing the completed asset inventory and tailoring the assessment to the entity's services and systems
•    Conducting remote interviews with it, administrative, and leadership personnel
•    Using a structured assessment guide and scoring rubric aligned with national frameworks:
•    Documenting cybersecurity practices in areas such as:
o    Access controls and identity management
o    Network and system protection
o    Backup and recovery
o    Incident detection and response
o    Cybersecurity governance and planning
o    Data protection and data governance for data that is shared, stored, and utilized
o    Devices, application security, and security updates
•    Completing a standardized assessment report, including findings, observations, and high-level recommendations
•    Collaborating with the university team for QA, aggregation of assessment data, and refinement of templates
•    Optionally participating in follow-up sessions or plan development (as needed).
2. Asset and services inventory
•    Scheduling and conducting remote interviews with local it, operations, and administrative staff
•    Using a standard interview guide to collect data on:
o    IT and OT systems and infrastructure, such as hardware and software listing, and other Critical assets
o    External service providers
o    Ports, protocols, and services
o    Network diagram and system architecture documentation
o    Asset classes: devices, software, data, users, network, and documentation
•    Updating a structured asset tracker (excel or online form) with collected information, or a tool to collect and store the information collected
•    Documenting findings in a standardized summary report
•    Participating in brief team check-ins and QA reviews
•    Coordinating follow-up interviews if needed
3. Cybersecurity incident management exercise (CIME) facilitation
•    Traveling to the designated site (mileage and lodging reimbursed per university policy)
•    Leading the on-site delivery of the CIME session, typically 3–4 hours
•    Facilitating participant discussion, roleplay, and decision-making through the scenario
•    Ensuring smooth execution of the event using the provided scripts and checklists
•    Collaborating with a university team member who may be present or join remotely
•    Collecting brief feedback forms or participant comments after the event
•    Debriefing with the university team afterward to report observations or suggested improvements.

- Contract Period/Term: 1 year
- Questions/Inquires Deadline: July 28, 2025