Specifications include, but are not limited to: • Independently assess the cybersecurity maturity level as measured against the NIST Cybersecurity Framework and the Center for Internet Security (CIS) 20 Critical Security Controls; • Review the network architecture, including L2 and L3 routing approach, use of redundant/survivable equipment configurations, use of Firewalls, use of access control lists and remote access methodologies and evaluate its conformance with best practices for a network of this size and complexity • Identify any security gaps, prioritize them and describe the level of effort required to mitigate them; • Discovering non-existent and/or weak information security management processes within the organization; • Identifying opportunities to improve the network architecture, network consolidation, simplification and cost reduction; • Confirm cyber-protection systems and processes are properly secured from internal and external threats; and • Prepare and present a technical roadmap to improve the security, readiness and effectiveness of the State of New Hampshire’s cybersecurity posture.