Specifications include, but are not limited to: A security assessment is a measurement of the security posture of a system or organization (Miles, Rogers, Fuller, Hoagberg, & Dykstra, 2004). Security assessment is a consultative service and includes passive review, hands-on examination, and/or application and infrastructure testing. Information learned through the security assessment may be used to meet Federal, State, or other requirements and influence Information Technology (IT) decisions. A qua lif ie d Supplier will have a wide breadth of topical knowledge, access to specialized toolsets, and an economy of scale making available the best staff to perform the services necessary including: •Security assessment methodologies and best practices•Multiple security regulations and frameworks•Federal and State compliance •Employing technical and non-technical testing and analysis methodologies•Ability to test a multitude of technologies including cloud, on premise, network, infrastructure, and application •Measuring and reporting risk