Specifications include, but are not limited to: The Mississippi Department of Information Technology Services (ITS) is seeking the services of qualified Vendors to provide comprehensive security and risk assessment services for the information technology (IT) assets used by ITS and public government entities of Mississippi. The comprehensive security and risk assessment services are needed to investigate, identify, measure, and prioritize the potential risks that exist on the IT assets for the State of Mississippi. These services must incorporate the use of human interaction as well as automated tools to assess and report these vulnerabilities. In addition to providing information on the potential risks, recommendations must be provided that will allow agencies to understand their exposure and take precise measures to mitigate it. The comprehensive set of security and risk assessment services are comprised of four types of assessment service offerings: 1) Cloud Compliance Services; 2) Penetration Testing Services; 3) Security Risk Assessment Services; and 4) Security Program Assessment Services. Vendors have the option of submitting proposal responses to one or multiple types of assessment service offerings.