SCADA and IT Network Cybersecurity Assessment and Improvement Services

Overview

Cybersecurity & Data Privacy

O'Fallon, Missouri, United StatesPosted about 1 month agoDeadline: May 12th, 2026

Fit Score

Settle Intelligence

Settle helps teams find, evaluate, and respond to public RFPs. We continuously surface new opportunities, score them against your company strengths, and draft proposal responses so you can focus on the work that wins business.

SUMMARY

Missouri seeks a contractor to assess and enhance the cybersecurity of its SCADA and IT networks, including asset inventory, risk assessment, and network documentation.

KEY REQUIREMENTS

Must be licensed, insured, and bonded
Must attend the mandatory pre-bid meeting on April 24th, 2026
Must be E-Verify compliant
Must provide a signed, notarized affidavit affirming enrollment in a federal work authorization program
Must provide a current certificate of insurance listing the City of O'Fallon as an additional insured
Must provide a sample copy of current contract/agreement
Must provide at least four references of current or past clients for the same services

BUDGET

Estimate

$50,000 – $150,000

CONTRACT DURATION

36 months

TIMELINE

Release and advertisement of RFP: April 6th, 2026

Mandatory Pre-Bid Meeting: April 24th, 2026 at 1:00 P.M. CDT

Proposal submission deadline: May 12th, 2026 at 12:00 P.M. CDT

QUESTION DEADLINE

April 24th, 2026

Issuing Agency

City Of O'Fallon

Organization overview and procurement intelligence available on paid plans.

See Issuer Research

DESCRIPTION

The government authority in Missouri is seeking a vendor to provide comprehensive cybersecurity assessment and improvement services for its SCADA and IT networks. The selected vendor will be responsible for assessing and recommending secure management practices for non-SCADA devices on the OT network, including desktops, laptops, engineering workstations, and vendor devices. Recommendations should address secure remote management, access controls, multi-factor authentication, jump hosts, and logging to bolster security.

The scope includes implementing or recommending a passive, OT-safe asset discovery approach to identify all connected devices—such as PLCs, HMIs, RTUs, historians, servers, and networking hardware—and establishing strategies for continuous asset visibility. The vendor must also perform a thorough operational and cybersecurity risk assessment, identifying risks including single points of failure, legacy system vulnerabilities, remote access threats, supply chain/vendor exposures, and ransomware susceptibility.

Evaluation of current backup and configuration management practices for SCADA assets is required, with recommendations for secure, segmented, and immutable backups where possible. The project further entails creating comprehensive, auditor-ready network documentation, featuring logical and physical diagrams of network connections—including interfaces between IT, OT, field devices, remote sites, lift stations, wells, and treatment facilities—and full documentation of data flows, trust boundaries, firewall rules, remote access, and third-party connections. The contract will be for a one-year period, and a mandatory pre-bid meeting is scheduled for April 24, 2026.

Source attribution

This Settle analysis is based on the issuing organization’s public RFP listing.