The City of Santa Monica is inviting qualified firms to provide Cybersecurity Managed Services in order to enhance the security of the City's network, systems, and applications.
Background
The City of Santa Monica is seeking qualified firms to provide Cybersecurity Managed Services to enhance the security of its network, systems, and applications. The City operates a complex IT environment with approximately 8,000 devices/IPs and a hybrid infrastructure that supports critical services for residents and businesses. As cyber threats grow in sophistication, the City aims to proactively safeguard its digital infrastructure and minimize exposure to potential cyberattacks. Proposals should outline comprehensive approaches to assessing security risks, identifying vulnerabilities, and implementing effective remediation strategies.
Work Details
The selected vendor will deliver comprehensive cybersecurity services including:
1. **Penetration Testing Services**: Annual service involving internal network penetration testing (approximately 8000 devices/IPs), wireless network testing, and reporting on findings with remediation recommendations.
2. **Cybersecurity Assessment**: A multi-phase assessment covering all City departments focusing on identifying key cybersecurity risks and providing mitigation strategies.
3. **Cybersecurity Tabletop Exercises**: Conducting annual exercises with key City departments to simulate real-world cybersecurity incidents.
4. **Disaster Recovery and Incident Response**: Ongoing support including reviewing and updating the Disaster Recovery Plan and developing an Incident Response Plan.
5. **Risk Management**: Developing a Third-Party Risk Management Program to assess risks associated with external vendors.
6. **Vulnerability Management Services**: Managing the City's Vulnerability Scanning system and providing detailed remediation guidance.
7. **Optional Services**: Web application penetration testing, security policy review, cybersecurity training management, and grant management assistance.
Period of Performance
The contract will be for an initial term of five (5) years with two (2) options for renewal of one (1) year each at the City's discretion.
Place of Performance
Services will be performed within the City of Santa Monica.
Bidder Requirements
Firms must have a minimum of five (5) years of experience in providing managed cybersecurity services, particularly for government entities. Staff must include qualified cybersecurity professionals with relevant certifications such as CEH, OSCP, or CISSP. Proposals should demonstrate experience with municipal governments or public sector agencies, knowledge of regulatory compliance requirements, methodologies for core services, and familiarity with applicable cybersecurity standards.
