Specifications include, but are not limited to: A.One of Maryland’s top priorities is the protection of the Confidentiality, Integrity, andAvailability (CIA) of State systems and data through the implementation of a defense-in-depth, zero-trust strategy that ensures the efficacy of cybersecurity processes, technologies,controls, and staffing. DoIT looks to satisfy four (4) specific goals:1.Complete cybersecurity maturity assessments aligned with the National Institute ofStandards and Technology Cybersecurity Framework (NIST CSF) as required by Statelaw,2.Improve cyber readiness, defense, controls implementation, incident response, and vulnerability mitigation by conducting attack emulations, purple teaming, external penetration tests, and internal penetration tests,3.Establish an Authorization to Operate (ATO) program and execute ATOs that follow National Institute of Standards and Technology Risk Management Framework (NISTRMF) and align to State policies, and4.Improve the security and hardening of State networks and systems through engineering, architecture, and administrative/program services in order to implement technicalconfigurations, integrations, and remediations
