Cybersecurity and Physical Security Assessment Service

The government authority in Charleston, West Virginia, is seeking a vendor to provide a comprehensive cybersecurity and physical security assessment program focused on institutionally managed systems and employee-related access controls. This engagement is designed to establish a structured, recurring, and risk-based assessment program that evaluates the overall institutional security posture, identifies material risks, tracks remediation progress, and measures improvements in maturity over time.

The assessment must be aligned with the agency's Cybersecurity Framework and include deliverables such as an executive summary, a detailed technical report, a NIST CSF maturity scorecard, a prioritized 12- to 18-month remediation roadmap, a technical readout session with IT leadership, and an executive presentation to the President's Cabinet. A review of identity and access management is required, including identity-related risk findings, privilege exposure analysis, and actionable recommendations for access management improvement. The contract period will be for one year.