Specifications include, but are not limited to: The purpose of this Request for Quotes (RFQ) is to solicit qualified third-party service providers to perform a cybersecurity risk/maturity assessment. The overall objectives of the assessment include but are not limited to the following: 1. To help the City of Rockville gain a better understanding of its current cybersecurity posture (vulnerabilities, threats, risks) 2. To help the City of Rockville identity control gaps and perform gap/risk analysis in alignment with the NIST cybersecurity framework 3. Provide risk-based tactical and strategic directions to the City of Rockville and build a risk-based project roadmap to mature and strengthen the cybersecurity program of the City of Rockville; - Conduct a comprehensive cybersecurity risk assessment - Assess the City’s IT access controls related to internal IT infrastructure and applications - Conduct a gap analysis to demonstrate the effectiveness of current City IT infrastructure, security, and resourcing to identify and mitigate potential risk vulnerabilities - Develop a risk matrix and perform a risk analysis - Provide a detailed analysis of the current security environment, including vulnerabilities - After completion of the assessment, the vendor will be expected to provide a written report of the findings.
