Cyber Security Assessment Services for State IT Systems

Issue RFP March 6, 2026

Pre-Proposal Teleconference March 13, 2026

Deadline for Written Questions March 20, 2025

Deadline for Receipt of Proposals March 31, 2026

DLA issues Notice of Intent to Award a Contract April 21, 2026

Contract signed by DLA May 4, 2026

Project Starts June 1, 2026

Draft Copies of Reports Delivered to DLA September 14, 2026

Final Copies of Reports Delivered to DLA September 30, 2026

The government authority in Alaska is seeking vendors to conduct cybersecurity assessments of select state IT systems. The assessment should be performed using the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Center for Internet Security (CIS) controls. The security review will cover the infrastructure supporting key systems, the types and extent of data processed within those systems, and associated database structures.

Vendors will be responsible for analyzing statewide IT security training policies, particularly their effectiveness in countering phishing schemes. This evaluation is to encompass all relevant policies, not only those tied to the specific systems under review. Additionally, vendors must develop a comprehensive, classification-based inventory of all relevant assets and data flows. The scope includes identifying, validating, and prioritizing threats and vulnerabilities across the specified IT systems and their supporting infrastructure. Application-level security controls will also be evaluated.