Specifications include, but are not limited to: 1. Review of current controls, policies, and documentation 2. Assessment against NIST 800-53 framework over: a. IT Infrastructure b. Business Continuity and Disaster Recovery c. Data Management and Privacy d. Security and Risk Management e. Network Monitoring and Defense 3. Vulnerability Assessment 4. Penetration Testing 5. Incident Response Management 6. Inventory and Control of Enterprise and Software Assets 7. Secure Configuration of Enterprise and Software Assets 8. Access Management and Control 9. Project Management 10. Governance and Strategy Review 11. Vendor/Contracting Management 12. Security Awareness Training 13. Assess compliance with any other state, county, or contracted mandates.
