The Port will select a qualified US based cybersecurity services provider on the best value basis using a point method of the award, to undertake three distinct Cybersecurity activities on an annual basis at discretion of the Port of Tacoma. 1) NIST Security Audit The auditor’s approach will utilize the National Institutes of Standards and Technology (NIST) Cybersecurity Framework (CSF) version 2.0 or future versions. This will include a thorough review of the Port's Cybersecurity Program. The cybersecurity program is managed and supported by the Port's IT Department. The assessment will also include, but not be limited to: • Milestone 1-The results of the assessment will be documented on a spreadsheet for each of the CSF controls with risk finding rated as high, medium, and low. • Milestone 2-Plan and prepare for the virtual meeting with the Port's Information Security Officer (ISO) and the Chief Information Officer (CIO) to review the results of the audit. • Milestone 3-Prepare within 30 days, an executive summary in PowerPoint. • Milestone 4-Be prepared for a 20–30-minute briefing of the executive summary to the Port's Cybersecurity Oversight Committee and IT Steering Committee. 2) Security Testing and Validation Capabilities
