Security Assessments
ID: S-1708 DES-25
• State: Wisconsin
Opportunity Assistant
Loading
Description
Background
The Wisconsin Department of Health Services (DHS) is seeking proposals for a security assessment Supplier to award a contract based on the results of this Request for Proposal (RFP). The DHS's mission includes ensuring the security and privacy of its information systems, particularly the Client Assistance for Re-Employment and Economic Support (CARES) system. This system requires annual security assessments as mandated by the Centers for Medicare and Medicaid Services (CMS). This RFP aims to engage a qualified Supplier who can provide comprehensive security assessment services that align with federal and state compliance standards.
Work Details
The Supplier will conduct an annual security assessment of DHS’s CARES system, which includes:
- Utilizing methodologies and best practices for security assessments.
- Conducting passive reviews, hands-on examinations, and application/infrastructure testing.
- Employing technical and non-technical testing methodologies across various technologies including cloud, on-premise, network, infrastructure, and applications.
- Measuring and reporting risks associated with the system.
- Ensuring compliance with NIST Special Publication 800-53 standards and CMS’s Framework for Independent Assessment of Security and Privacy Controls.
- Creating Statements of Work (SOW) for all engagements under this RFP prior to performing any services.
- Providing deliverables such as Security Assessment Reports (SARs) that meet CMS requirements.
Period of Performance
The contract will be effective upon execution or the date indicated on the purchase order and will run for three years. There is an option to renew for three additional one-year terms by mutual agreement.
Place of Performance
The services will be performed within the United States as required by Wisconsin Statute §16.705(1r), specifically at locations designated by DHS.
Bidder Requirements
Vendors must not currently hold a contract with DHS for IT integration or managed service provider services. They must provide documentation proving independence from any current contracts related to CARES or MMIS programs. Additionally, vendors must have experience providing independent security assessments over the last three consecutive years, possess ANSI recognized certifications among their staff, and ensure all work is performed within the United States.
The Wisconsin Department of Health Services (DHS) is seeking proposals for a security assessment Supplier to award a contract based on the results of this Request for Proposal (RFP). The DHS's mission includes ensuring the security and privacy of its information systems, particularly the Client Assistance for Re-Employment and Economic Support (CARES) system. This system requires annual security assessments as mandated by the Centers for Medicare and Medicaid Services (CMS). This RFP aims to engage a qualified Supplier who can provide comprehensive security assessment services that align with federal and state compliance standards.
Work Details
The Supplier will conduct an annual security assessment of DHS’s CARES system, which includes:
- Utilizing methodologies and best practices for security assessments.
- Conducting passive reviews, hands-on examinations, and application/infrastructure testing.
- Employing technical and non-technical testing methodologies across various technologies including cloud, on-premise, network, infrastructure, and applications.
- Measuring and reporting risks associated with the system.
- Ensuring compliance with NIST Special Publication 800-53 standards and CMS’s Framework for Independent Assessment of Security and Privacy Controls.
- Creating Statements of Work (SOW) for all engagements under this RFP prior to performing any services.
- Providing deliverables such as Security Assessment Reports (SARs) that meet CMS requirements.
Period of Performance
The contract will be effective upon execution or the date indicated on the purchase order and will run for three years. There is an option to renew for three additional one-year terms by mutual agreement.
Place of Performance
The services will be performed within the United States as required by Wisconsin Statute §16.705(1r), specifically at locations designated by DHS.
Bidder Requirements
Vendors must not currently hold a contract with DHS for IT integration or managed service provider services. They must provide documentation proving independence from any current contracts related to CARES or MMIS programs. Additionally, vendors must have experience providing independent security assessments over the last three consecutive years, possess ANSI recognized certifications among their staff, and ensure all work is performed within the United States.
Loading Map
Loading Map
Overview
Opportunity ID
S-1708 DES-25
Version
2
Response Deadline
Dec. 19, 2025
Past Due
Date Posted
Nov. 14, 2025
Source
Est. Value Range
Experimental
$500,000 - $2,000,000
(AI estimate)
Agency Distribution
High
On 11/14/25 HEALTH SERVICES, DEPT OF in Wisconsin issued Security Assessments with ID S-1708 DES-25 due 12/19/25.
Contacts
Documents
Posted documents for Security Assessments
Opportunity Assistant
AI Analysis
AI Generate