RFQ 25-03351 for Cybersecurity Health Checks
ID: BD-26-1060-ITD00-ITD00-122000 • State: Massachusetts
Opportunity Assistant
Loading
Description
Background
The Commonwealth of Massachusetts, through the Executive Office of Technology Services and Security (EOTSS), is issuing this Request for Quotation (RFQ) to solicit bids from qualified ITS78 Vendors for participation in the Cybersecurity Health Check program.
The program aims to assist local government agencies in assessing their cybersecurity posture and enhancing their data protection measures. The EOTSS oversees IT policy development and implementation for over 125 state agencies, providing essential digital and security services.
Work Details
Vendors are invited to provide various cybersecurity health check services at no cost to the Commonwealth. The services include:
1. **Vulnerability Scans & Assessments**:
- AD Hygiene Assessment & Asset Report Card: Identify security defects in Active Directory configurations.
- Cloud Security Assessment: Review configurations for Microsoft 365 or other SaaS platforms.
- Data Breach & PII Liability Assessment: Summarize data breach liabilities.
- Firewall Configuration Assessment: Ensure firewall compliance with best practices.
- External Vulnerability Scan: Identify vulnerabilities from an external perspective.
2. **Process, Policy & Procedural Assessments**:
- Data Loss Prevention Assessment: Evaluate DLP software effectiveness.
- Disaster Recovery Plan Creation: Develop procedures for disaster recovery.
- IT Asset Inventory: Assist in creating an IT asset inventory template.
3. **General Services**:
- G-Suite Security Assessment: Review G-Suite security settings.
- Vendor Risk Management: Assess cloud vendor risks through external scans.
Period of Performance
The contract will commence upon award and run through June 30, 2028, with potential extensions based on mutual agreement.
Place of Performance
Services will be performed primarily within the Commonwealth of Massachusetts, specifically targeting local government agencies participating in the Cybersecurity Health Check program.
Bidder Requirements
Bidders must be current vendors on the ITS78 Statewide Contract. They are required to provide a minimum of 10 individual services throughout the program duration and adhere to privacy and data retention policies as specified by the Commonwealth.
The Commonwealth of Massachusetts, through the Executive Office of Technology Services and Security (EOTSS), is issuing this Request for Quotation (RFQ) to solicit bids from qualified ITS78 Vendors for participation in the Cybersecurity Health Check program.
The program aims to assist local government agencies in assessing their cybersecurity posture and enhancing their data protection measures. The EOTSS oversees IT policy development and implementation for over 125 state agencies, providing essential digital and security services.
Work Details
Vendors are invited to provide various cybersecurity health check services at no cost to the Commonwealth. The services include:
1. **Vulnerability Scans & Assessments**:
- AD Hygiene Assessment & Asset Report Card: Identify security defects in Active Directory configurations.
- Cloud Security Assessment: Review configurations for Microsoft 365 or other SaaS platforms.
- Data Breach & PII Liability Assessment: Summarize data breach liabilities.
- Firewall Configuration Assessment: Ensure firewall compliance with best practices.
- External Vulnerability Scan: Identify vulnerabilities from an external perspective.
2. **Process, Policy & Procedural Assessments**:
- Data Loss Prevention Assessment: Evaluate DLP software effectiveness.
- Disaster Recovery Plan Creation: Develop procedures for disaster recovery.
- IT Asset Inventory: Assist in creating an IT asset inventory template.
3. **General Services**:
- G-Suite Security Assessment: Review G-Suite security settings.
- Vendor Risk Management: Assess cloud vendor risks through external scans.
Period of Performance
The contract will commence upon award and run through June 30, 2028, with potential extensions based on mutual agreement.
Place of Performance
Services will be performed primarily within the Commonwealth of Massachusetts, specifically targeting local government agencies participating in the Cybersecurity Health Check program.
Bidder Requirements
Bidders must be current vendors on the ITS78 Statewide Contract. They are required to provide a minimum of 10 individual services throughout the program duration and adhere to privacy and data retention policies as specified by the Commonwealth.
Loading Map
Loading Map
Overview
Opportunity Type
Open Market
Opportunity ID
BD-26-1060-ITD00-ITD00-122000
Response Deadline
Nov. 7, 2025
Past Due
Date Posted
Oct. 17, 2025
Est. Value Range
Experimental
$500,000 - $2,000,000
(AI estimate)
Agency Distribution
High
Source
On 10/17/25 Executive Office of Technology Services and Security in Massachusetts issued Open Market Cybersecurity Health Checks with ID BD-26-1060-ITD00-ITD00-122000 due 11/7/25.
Contacts
Documents
Posted documents for RFQ 25-03351 for Cybersecurity Health Checks
Opportunity Assistant
AI Analysis
Additional Details
Alternate ID
PCR-25-03351
Source Department
ITD0001 - Executive Office of Technology Services and Security
Source Location
ITD00 - TSS General
Info Contact
Contact Shawn Johnson at (617) 626-4593