Specifications include, but are not limited to:

• Provide references, projects, or case studies where the vendor assisted their customers in implementing or improving the adoption of the NIST Cybersecurity, Risk Management, or NIST SP 800-53 Rev. 5 frameworks to improve an organization’s overall cyber security posture. Ideally, the vendor would demonstrate how they improved the organization’s maturity in any of the following objectives:
  o 3rd party, supply chain, or vendor management program
  o Implementing and training the organization on their Cybersecurity Incident Response plan and procedures
    Playbook Development: Develop customized playbooks for the following incident types: ransomware attacks, business email compromise, and stolen credentials.
    Presentation-Style Exercise
    • Facilitate a presentation-style exercise for our IT staff to practice the implementation of the IR plan (Walk Phase).
    • This exercise should simulate a realistic cybersecurity incident scenario and allow our IT staff to demonstrate their response capabilities.
  o Enhance and implement information security and risk management programs
  o Evaluate and improve the organization’s overall cybersecurity program, including conducting a NIST CSF version 1.1 maturity assessment.
• Provide an overview of the vendor’s standard approach with other client engagements to manage and implement project deliverables (on time and on budget).