Cybersecurity Assessments and Services

Background
The Maryland Department of General Services (DGS OSP), on behalf of the Maryland Department of Information Technology (DoIT), is issuing this Request for Proposals (RFP) to procure cybersecurity assessment services. This initiative aims to fulfill Maryland law requirements mandating regular cybersecurity assessments for Executive Branch agencies. It supports DoIT's mission to safeguard digital assets and ensure resilient government operations.

Work Details
The Contractor will conduct approximately ninety (90) cybersecurity assessments over a 24-month period, determining each unit's overall security posture and maturity. Assessments will utilize the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) as the standard measurement framework. The Contractor is responsible for scoping each assessment, conducting interviews, assessing documentation, rating maturity levels, and presenting findings and recommendations.

Deliverables include an Evaluation Standards Guide for consistent scoring, real-time reporting dashboards compatible with the State’s Governance, Risk, and Compliance (GRC) platform, and integration of historical assessment data into reporting deliverables. The Contractor must also develop a comprehensive Quality Assurance process to ensure high-quality deliverables.

Period of Performance
The contract duration is two (2) base years with one (1) option period of two (2) years.

Place of Performance
The primary place of performance is the Contractor’s location and possibly at various locations throughout the State of Maryland.

Bidder Requirements
An overall Minority Business Enterprise (MBE) subcontract participation goal of 15% has been established for this procurement. Additionally, there is a Veteran-Owned Small Business Enterprise (VSBE) participation goal of 3%. Offerors must demonstrate knowledge of NIST-based cybersecurity assessments and prior experience conducting similar assessments.