RFP #2463- NIST Cybersecurity Framework Gap Analysis & Remediation Support

  • BOARD OF COOPERATIVE EDUCATIONAL SERVICES OF NASSAU COUNTY 

    RFP # 2463 

    NIST Cybersecurity Framework Gap Analysis & Remediation Support  

    FOR NASSAU BOCES COMPONENT SCHOOL DISTRICTS 

    I. PURPOSE/OBJECTIVE 

    澳门六合图库 issued a formal, sealed request for proposals for NIST Cybersecurity Framework Gap Analysis & Remediation Support for 澳门六合图库 participating school districts. This RFP is available to all 澳门六合图库 component school districts. 

    II. PROCESS 

    Districts contact the awarded vendors for quotes to perform the scope of services specified below. You may contract for either or both of the services. All proposals and quotes will come directly from 澳门六合图库 Data Privacy & Security Services CoSer 602.066/566 as a Letter of Intent (LOI). Once the LOI is signed by your district’s superintendent or authorized business official, it will be placed on the next available 澳门六合图库 Board agenda for approval. All services will be contracted directly through 澳门六合图库. Proper Board Resolutions and contracts must be filed and board approved before the vendor may begin contracted work with the district. 

    III. SCOPE OF SERVICES 

    RFP OVERVIEW 
    New York State Education Law 2-d requires educational agencies to adopt a policy on data security and privacy that aligns with the state’s data security and privacy standard. The New York State Department of Education adopted the National Institute for Standards and Technology Cybersecurity Framework (NIST CSF) as the standard for educational agencies. This Request for Proposal (RFP) is issued to select one or more vendors to provide and/or perform NIST Cybersecurity Framework Gap Analysis & Remediation Support services for 澳门六合图库 component school districts.  

     IVTYPES OF SERVICES

    1. NIST Cybersecurity Framework Gap Analysis 

    a. Conduct Part 121 and NIST CFS Assessments for 5 Core Functions and 23 Categories: 

    b. IDENTIFY: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. 

    c. PROTECT: Develop and implement appropriate safeguards to ensure delivery of critical services. 

    d. DETECT: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. 

    e. RESPOND: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. 

    f. RECOVER: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. 

    Create Gap Analysis Reports to include the following: 

    • Identify Major Risks and Issues 
    • Review and Comment on Current Policies 
    • Create Compliance Action Plan 

     2. NIST Cybersecurity Framework Gap Analysis Remediation Support

    • to be conducted collaboratively with 澳门六合图库. Review Gap Analysis Reports
    • Review and Guide Progress of Action Plan 
    • Review and Guide Progress on Risks & Issues Review and Update Gap Reports 

    For all above services, vendor must provide reports and documentation on the findings of services rendered. 

    For additional information including vendor pricing, contact Laura Pollak (lpollak@nasboces.org)