Specifications include, but are not limited to: Proposals shall include NIST Cybersecurity Framework Gap Analysis & Remediation and services that include but are not limited to the following: NIST Cybersecurity Framework Gap Analysis based on current Cybersecurity Plan Conduct Part 121 and NIST CFS Assessments for 5 Core Functions and 23 Categories: • IDENTIFY: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. • PROTECT: Develop and implement appropriate safeguards to ensure delivery of critical services. • DETECT: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. • RESPOND: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. • RECOVER: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. Create Gap Analysis Reports to include the following: • Identify Major Risks and Issues identified under current plan • Identify duplication or redundant solutions • Review and Comment on Current Plan • Create Compliance Action Plan that would amend our current cybersecurity plan and our future environment Services could also include the following with related reporting and recommendations on an as-needed basis: • Compromise Assessment • Incident Response Service • Managed Detection and Response (MDR) including a tabletop exercise resulting in a runbook • Vulnerability Assessment • Digital Forensics • Penetration Testing
