Contractors will conduct structured cybersecurity assessments with Iowa political subdivisions (cities, counties, and school districts) using a standardized framework developed by the CyIO team. These assessments will help entities understand their current cyber posture, identify gaps, and prepare to plan and implement future cybersecurity controls under SLCGP Objective 3. Each engagement includes: • Reviewing the completed asset inventory and tailoring the assessment to the entity's services and systems • Conducting remote interviews with IT, administrative, and leadership personnel • Using a structured assessment guide and scoring rubric aligned with national frameworks (e.g., NIST CSF, CISA Cyber Essentials, CRR) • Documenting cybersecurity practices in areas such as: o Access controls and identity management o Network and system protection o Backup and recovery o Incident detection and response o Cybersecurity governance and planning o Data protection and data governance for data that is shared, stored, and utilized o Devices, application security, and security updates • Completing a standardized assessment report, including findings, observations, and high-level recommendations • Collaborating with the ISU team for QA, aggregation of assessment data, and refinement of templates • Optionally participating in follow-up sessions or plan development (as needed)
