Specifications include, but are not limited to: The managed cybersecurity services shall include, but not be limited to, the following: 1. Risk Assessment: Conduct a comprehensive risk assessment to identify and prioritize cybersecurity risks and vulnerabilities. 2. Cybersecurity Policies and Procedures: Develop, implement, and maintain cybersecurity policies, procedures, and standards to protect the RRAC’s network, systems, and data from cyber threats. 3. Cybersecurity Awareness Training: Develop and conduct regular cybersecurity awareness training for RRAC staff and stakeholders. 4. Network Security: Implement and maintain network security controls, including firewalls, intrusion detection and prevention systems, and other security devices. 5. Endpoint Protection: Implement and maintain endpoint protection, including antivirus, antimalware, and anti-spyware software, and ensure all endpoint devices are secure. 6. Data Protection: Implement and maintain data protection controls, including encryption, access controls, and backups. 7. Incident Response: Develop and maintain an incident response plan and conduct regular incident response training and tabletop exercises. 8. Compliance Reporting: Prepare and submit compliance reports to TSA and other regulatory agencies as required. 9. Continuous Monitoring: Conduct continuous monitoring of RRAC’s network, systems, and data to identify and respond to potential threats.
