Specifications include, but are not limited to:It is the University’s intent to engage an external firm to assess the state of information security for computing and networking services at the University and to make recommendations based upon its findings. This assessment should be based on the National Institute for Standards and Technology Cybersecurity Framework (NIST CSF). This assessment should cover all five-core functions included in the NIST CSF (Identify, Protect, Detect, Respond, Recover). This assessment should cover the entire Missouri State University System, including components managed by central information technology organizations (Information Services in Springfield, and Information Technology Services in West Plains), as well as components managed by the distributed information technology organizations on the Springfield campus. o The engagement should include penetration testing of mission-critical university systems. o The University is considering acquiring a cybersecurity liability insurance policy. The assessment should include a discussion of the benefits and challenges specific to our environment of acquiring such a policy, as well as the prevailing higher education industry trends in the acquisition of such coverage. o All activities of the contractor related to this engagement must be coordinated with the University’s Information Security Officer or Chief Information Officer. o The contractor must enter into a non-disclosure agreement with the University that covers all reports, documentation, and material developed or acquired by the contractor as a result of this engagement. The proposed consultancy engagement, and any resulting written analysis will constitute confidential, closed records under Mo. Rev. Stat. § 610.021(21).