The vendor is required to provide Cybersecurity Maturity Model Certification (CMMC) and accredited, qualified CMMC third-party assessor organizations (C3PAO) for a wide variety of cybersecurity services related to CMMC certification, including but not limited to comprehensive CMMC pre-assessments, CMMC Level 1 and Level 2 assessments, and other related CMMC compliance and remediation services.
- Performance requirements and general requirements:
1. DFARS compliance with the NIST SP 800-171 standard and Cybersecurity Maturity Model Certification (CMMC) consulting services:
• Conduct on-site or virtual visits to review a cybersecurity assessment that includes a gap analysis, plan of action and milestones (POA&M), incident response plan, vulnerability baseline system scan, and a cybersecurity plan.
• Provide clients with a strategic roadmap to implement a POA&M and remediate significant gaps to comply with CMMC.
• Identify and develop policy documents utilizing authorized policy templates and tools
• Conduct virtual visits with client’s IT managers, C-suite, and other personnel to craft and develop required CMMC policy documents
• Train client’s employees on new IT policies and ensure their adoption across the organization
• Provide a pre-audit assessment for programs and clients prior to an official audit by a third-party assessor organization (C3PAO)
2. CMMC Level 1 or 2 and remediation services may consist of but are not limited to the following:
• Secure controlled unclassified information (CUI) by leveraging Microsoft Office 365 GCC High or another enclave method
• Advise on and implement procedures for securing physical spaces of clients in single or multiple locations
• Provide project management to close the gaps within the prescribed time period, either by guiding university resources or assisting in the development
• Identify all required documents needed to be written and provide templates
• Create cybersecurity policies and procedures in accordance with applicable cybersecurity requirements
• Implement externally based penetration testing services
• Any additional cyber remediation services that correlate to CMMC standards should be included.
- Contract Period/Term: 1 year
- Optional Pre-Proposal Conference Date: September 30, 2025
- Questions/Inquiries Deadline: October 03, 2025