IT Security Assessment Services

The Vendor is required to provide information security risk assessment services, using standard frameworks and controls including, but not limited to acts and institute.
- Conduct Enterprise-Wide Assessments
•    May be annual (frequency not yet finalized).
•    Cover all major systems, applications, and data environments.
- Support CMMC/CUI Compliance
•    Assess and advise on Cybersecurity Maturity Model Certification (CMMC) requirements.
•    Ensure proper handling and protection of Controlled Unclassified Information (CUI).
•    Align with DoD and federal contractor standards.
- Deliverables May Include:
•    Risk assessment reports
•    Gap analyses
•    Validate that vulnerabilities and risks identified have been sufficiently mitigated.
•    Remediation recommendations
•    Compliance roadmaps
•    Executive summaries for leadership
•    Produce the necessary assessment documentation as required to fulfill external obligations (e.g., CMMC certification).

- Contract Period/Term: 5 years
- Questions/Inquires Deadline: October 13, 2025