The vendor is required to provide department IT staffs with hands on or online professional development training on cypher security.
 - The training should enhance the professional development of the it personnel by covering essential topics relevant to cybersecurity.
- The program must include both theoretical knowledge and practical hands-on experience to ensure a comprehensive understanding of cybersecurity tools and best practices.
- The training at a minimum must include:
• How to use common tools such as tcpdump, wireshark, and zenmap.
• Password auditing
• Network discovery and security
• Windows and Linux OS permissions management
• Firewall rule creation
• Cryptographic validation and PKI
• Must result in a certification at the intermediate level or higher in DOD 8140 cyber defense analyst.
- Cyber training services:
a. Utilization of common tools:
• Tcpdump - understanding packet capture and analysis.
• Wireshark - network protocol analyzer and troubleshooting.
• Zenmap - network discovery tool for mapping and securing networks.
• Password auditing - methods for assessing the strength and security of passwords.
b. Network discovery and security:
• Identification of network devices and configurations.
• Assessment of vulnerabilities within network infrastructure.
c. Operating system permissions management:
• Microsoft windows OS - managing user permissions and roles.
• Linux OS - understanding file permission settings and access controls.
d. Firewall rule creation - developing and implementing firewall policies to monitor and control incoming and outgoing network traffic.
e. Cryptographic validation and public key infrastructure (PKI) - understanding the principles of cryptography and the implementation of PKI within a network.
- All training materials, content, and practices must adhere to relevant industry standards, including but not limited to:
• NIST special publication 800-53 - security and privacy controls for information systems and organizations.
• ISO/IEC 27001 - information security management systems.
• CompTIA security+ certification requirements.
• Cybersecurity and infrastructure security agency (CISA) guidelines.
- Contract Period/Term: 1 year