![Find a School]([{"url":"https://resources.finalsite.net/images/v1724687973/nassaubocesorg/o7lqhs03zcaxbmyugduy/FindaSchoolIcon.svg","width":512}])
![A-Z icon]([{"url":"https://resources.finalsite.net/images/v1733851060/nassaubocesorg/eiesaqms4qsywsnj9wii/AtoZ.svg","width":1600}])
![Careers]([{"url":"https://resources.finalsite.net/images/v1725045847/nassaubocesorg/ztggovu4r1grfcbiqeih/EmployeeSelfServiceIcon.svg","width":576}])
![Employee Login]([{"url":"https://resources.finalsite.net/images/v1724688277/nassaubocesorg/wpri3prnluzqf74xxedo/InfoIcon.svg","width":512}])
![Employee Login]([{"url":"https://resources.finalsite.net/images/v1724688425/nassaubocesorg/zx3peffkz200l3mcj6tg/EnrollIcon.svg","width":384}])
![Compassion in Action Logo of hand holding a red heart]([{"url":"https://resources.finalsite.net/images/v1732121099/nassaubocesorg/oso99bjuys5d0fl1mqry/compassion-in-action.svg","width":120}])
![Icon]([{"url":"https://resources.finalsite.net/images/v1733166045/nassaubocesorg/sollxtbrksclhepss5dx/FoundationlogofigureIcon.svg","width":120}])
Data Privacy & Security Service
The Nassau BOCES Data Privacy and Security Service was developed to support districts’ compliance with New York State’s Education Law 2-D and provides resources to combat the increasing threats to district data and security.
SDPC Virtual Training Session Video
Nassau BOCES DPSS Resources
Nassau BOCES/RIC CIT Supplemental Information
Use this link to open the Nassau BOCES/RIC-CIT Supplemental Information page in a new window.
All products listed under the Nassau BOCES/RIC-CIT Supplemental Information page lists third-party contracts with Education Law 2-d data privacy agreements. This list is a work in progress and will be updated on an ongoing basis.
RFP 2531 NIST Gap Analysis and Remediation
- RFP 2531 NIST Gap Analysis & Remediation
- Stetson Cybergroup
- IKON Business Group
- Intelligent Cloud Care
- CDW
- SVAM
- Sedara
RFP 2531 NIST Gap Analysis & Remediation
BOARD OF COOPERATIVE EDUCATIONAL SERVICES
OF NASSAU COUNTY
BOARD OF COOPERATIVE EDUCATIONAL SERVICES OF NASSAU COUNTY DEPARTMENT OF BUSINESS SERVICES
George Farber Administrative Center
71 Clinton Road
P. O. Box 9195
Garden City, New York 11530-9195
For all above services, vendor must provide reports and documentation on the findings of services rendered.
For additional information including vendor pricing contact Laura Pollak (lpollak@nasboces.org)
I. PURPOSE/OBJECTIVE
Nassau BOCES issued a formal, sealed request for proposals for NIST Cybersecurity
Framework Gap Analysis & Remediation Support for Nassau BOCES participating school districts.
This RFP is available to all Nassau BOCES component school districts.
II. PROCESS
Districts contact the awarded vendors for quotes to perform the scope of services specified below, and may contract for either or both of the services. All proposals and quotes will come directly from Nassau BOCES Data Privacy & Security Services CoSer 602.066/566 as a Letter of Intent (LOI). Once the LOI is signed by the district’s superintendent or authorized business official, it will be placed on the next available Nassau BOCES Board agenda for approval. All services will be contracted directly through Nassau BOCES. Proper Board Resolutions and contracts must be filed and board approved before the vendor may begin contracted work with the district.
III. SCOPE OF SERVICES
RFP OVERVIEW
New York State Education Law 2-d requires educational agencies to adopt a policy on data security and privacy that aligns with the state’s data security and privacy standard. The New York State Department of Education adopted the National Institute for Standards and Technology Cybersecurity Framework (NIST CSF) as the standard for educational agencies. This Request for Proposal (RFP) is issued to select one or more vendors to provide and/or perform NIST Cybersecurity Framework Gap Analysis & Remediation Support services for Nassau BOCES component school districts.
IV. TYPES OF SERVICES
-
NIST Cybersecurity Framework Gap Analysis
-
Conduct Part 121 and NIST CFS Assessments for 5 Core Functions and 23 Categories:
-
IDENTIFY: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
-
PROTECT: Develop and implement appropriate safeguards to ensure delivery of critical services.
-
DETECT: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
-
RESPOND: Develop and implement appropriate activities for a detected cybersecurity incident.
-
RECOVER: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Create Gap Analysis Reports to include the following:
-
Identify Major Risks and Issues
-
Review and Comment on Current Policies
-
Create Compliance Action Plan
-
NIST Cybersecurity Framework Gap Analysis Remediation Support
-
to be conducted collaboratively with Nassau BOCES. Review Gap Analysis Reports
-
Review and Guide Progress of Action Plan
-
Review and Guide Progress on Risks & Issues Review and Update Gap Reports
RFP # 2531
NIST Cybersecurity Framework Gap Analysis & Remediation Support
FOR NASSAU BOCES COMPONENT SCHOOL DISTRICTS
Stetson Cybergroup
IKON Business Group
Intelligent Cloud Care
CDW
SVAM
Sedara
Contact Laura Pollak for a password to view Sedara's video presentation.
www.nassauboces.org/services-for-districts/data-and-management/dpss/sedara
Shared Data Protection Office Support Service (SDPOS)
Shared Data Protection Office Support Service
(SDPOS; CoSer 602.599)
Assists the district’s designated Data Protection Officer (DPO) to help them compliance with Education Law 2-d and Part 121 of the Commissioner’s Regulations,
Five hour and ten hour support packages are available.
RFP #2531- NIST Cybersecurity Framework Gap Analysis & Remediation Support
- RFP #2531- NIST Cybersecurity Framework Gap Analysis & Remediation Support
- RFP #2531 Awarded Vendors' Presentations
RFP #2531- NIST Cybersecurity Framework Gap Analysis & Remediation Support
BOARD OF COOPERATIVE EDUCATIONAL SERVICES OF NASSAU COUNTY
RFP # 2531
NIST Cybersecurity Framework Gap Analysis & Remediation Support
FOR NASSAU BOCES COMPONENT SCHOOL DISTRICTS
Use this link to view PDF version with vendor contact information
I. PURPOSE/OBJECTIVE
Nassau BOCES issued a formal, sealed request for proposals for NIST Cybersecurity Framework Gap Analysis & Remediation Support for Nassau BOCES participating school districts. This RFP is available to all Nassau BOCES component school districts.
II. PROCESS
Districts contact the awarded vendors for quotes to perform the scope of services specified below. You may contract for either or both of the services. All proposals and quotes will come directly from Nassau BOCES Data Privacy & Security Services CoSer 602.066/566 as a Letter of Intent (LOI). Once the LOI is signed by your district’s superintendent or authorized business official, it will be placed on the next available Nassau BOCES Board agenda for approval. All services will be contracted directly through Nassau BOCES. Proper Board Resolutions and contracts must be filed and board approved before the vendor may begin contracted work with the district.
III. SCOPE OF SERVICES
RFP OVERVIEW
New York State Education Law 2-d requires educational agencies to adopt a policy on data security and privacy that aligns with the state’s data security and privacy standard. The New York State Department of Education adopted the National Institute for Standards and Technology Cybersecurity Framework (NIST CSF) as the standard for educational agencies. This Request for Proposal (RFP) is issued to select one or more vendors to provide and/or perform NIST Cybersecurity Framework Gap Analysis & Remediation Support services for Nassau BOCES component school districts.
IV. TYPES OF SERVICES
1. NIST Cybersecurity Framework Gap Analysis
a. Conduct Part 121 and NIST CFS Assessments for 5 Core Functions and 23 Categories:
b. IDENTIFY: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
c. PROTECT: Develop and implement appropriate safeguards to ensure delivery of critical services.
d. DETECT: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
e. RESPOND: Develop and implement appropriate activities for a detected cybersecurity incident.
f. RECOVER: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Create Gap Analysis Reports to include the following:
- Identify Major Risks and Issues
- Review and Comment on Current Policies
- Create Compliance Action Plan
2. NIST Cybersecurity Framework Gap Analysis Remediation Support
- to be conducted collaboratively with Nassau BOCES. Review Gap Analysis Reports
- Review and Guide Progress of Action Plan
- Review and Guide Progress on Risks & Issues Review and Update Gap Reports
For all above services, vendor must provide reports and documentation on the findings of services rendered.
For additional information including vendor pricing, contact Laura Pollak (lpollak@nasboces.org)
RFP #2531 Awarded Vendors' Presentations
Vendor Presentations
Stetson Cybergroup NIST Gap Analysis Remediation Services
Intelligent Cloud Care NIST Gap Analysis Remediation Services
IKON NIST Gap Analysis Remediation Services
https://nboces.sharepoint.com/sites/NASTECH_DPSS/Shared%20Documents/Forms/AllItems.aspx?id=%2Fsites%2FNASTECH%5FDPSS%2FShared%20Documents%2FDPSS%2FRFP%5F2531%2FVendor%5FPresentations%2FSVAM%5FNCBOCES%5FPresentation%2Epdf&parent=%2Fsites%2FNASTECH%5FDPSS%2FShared%20Documents%2FDPSS%2FRFP%5F2531%2FVendor%5FPresentations&p=true&ga=1
Additional Education Law 2-d Resources
Ed Law 2-d Regulation Resources
NIST Cybersecurity Framework
- Guide to the NIST Cybersecurity Framework: A K-12 Perspective
- CISA Assessments & Cyber Resilience Resources
- New York State Cybersecurity Toolkit
- NIST CSF Quick Start Guide
Cybersecurity Training
- Cybersecurity Training Resources (Free and Paid Listing)
- Cybersecurity Best Practices Slide Deck
- Cybersecurity Best Practices One-Sheet
Incident Response & Notification
RIC One DPSS Resources
Data Privacy and Inventory Tool
Professional Development
Communications
Digital Digests and Blasts: Participation in the DPSS provides district administrators with just in time information on cyberthreats, phishing schemes and other privacy and security issues in the form of Digital Blasts. Each quarter, a Digital Digest is published that provides in depth information, links and resources on