Cybersecurity Audit Services

The vendor is required to provide cybersecurity firm to assess the current cybersecurity posture of the tribal governments IT environment.
- This would involve identifying vulnerabilities and risks within the environment, providing actionable recommendations to enhance security, and ensuring compliance with relevant federal, state, and tribal regulations.
•    Conduct a pre-audit planning meeting with key stakeholders, reviewing existing it policies, procedures, and documentation
•    Technical assessment
o    Perform vulnerability scanning and penetration testing
o    Assess network architecture, firewalls, and endpoint security
o    Evaluate cloud services, remote access, and mobile device security
•    Policy and compliance review
o    Review of cybersecurity policies and procedures
o    Assess compliance with NIST, HIPAA, PCI-DSS, CJIS, and other relevant standards
o    Evaluate incident response and disaster recovery plans
•    Social engineering assessment
o    Conduct phishing simulations and social engineering tests.
o    Evaluate employee awareness and training effectiveness
•    Reporting and recommendations
o    Provide a detailed report of findings, including risk ratings
o    Deliver prioritized recommendations for remediation
o    Present findings to tribal leadership and IT staff.

- Questions/Inquires Deadline: August 19, 2025