Data Privacy & Security Service

Board of Cooperative Educational Services of Nassau County – RFP #2531: NIST Cybersecurity Framework Gap Analysis & Remediation Support

For Nassau BOCES Component School Districts

RFP with vendor contact information

I. Purpose/Objective

Nassau BOCES issued a formal, sealed request for proposals for NIST Cybersecurity Framework Gap Analysis & Remediation Support for Nassau BOCES participating school districts. This RFP is available to all Nassau BOCES component school districts.

II. Process

Districts contact the awarded vendors for quotes to perform the scope of services specified below. You may contract for either or both of the services. All proposals and quotes will come directly from Nassau BOCES Data Privacy & Security Services CoSer 602.066/566 as a Letter of Intent (LOI). Once the LOI is signed by your district’s superintendent or authorized business official, it will be placed on the next available Nassau BOCES Board agenda for approval. All services will be contracted directly through Nassau BOCES. Proper Board Resolutions and contracts must be filed and board approved before the vendor may begin contracted work with the district.

III. Scope of Services

RFP Overview

New York State Education Law 2-d requires educational agencies to adopt a policy on data security and privacy that aligns with the state’s data security and privacy standard. The New York State Department of Education adopted the National Institute for Standards and Technology Cybersecurity Framework (NIST CSF) as the standard for educational agencies. This Request for Proposal (RFP) is issued to select one or more vendors to provide and/or perform NIST Cybersecurity Framework Gap Analysis & Remediation Support services for Nassau BOCES component school districts.

IV. Types of Services

1. NIST Cybersecurity Framework Gap Analysis

1. Conduct Part 121 and NIST CSF Assessments for 5 Core Functions and 23 Categories:
2. Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
3. Protect: Develop and implement appropriate safeguards to ensure delivery of critical services.
4. Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
5. Respond: Develop and implement appropriate activities for a detected cybersecurity incident.
6. Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

Create Gap Analysis Reports to Include the Following:

• Identify Major Risks and Issues
• Review and Comment on Current Policies
• Create Compliance Action Plan

2. NIST Cybersecurity Framework Gap Analysis Remediation Support

• To be conducted collaboratively with Nassau BOCES. Review Gap Analysis Reports
• Review and Guide Progress of Action Plan
• Review and Guide Progress on Risks & Issues; Review and Update Gap Reports

For all above services, vendor must provide reports and documentation on the findings of services rendered.

For additional information including vendor pricing, contact Laura Pollak (lpollak@nasboces.org)

Contact Laura Pollak for a password to view Sedara's video presentation.

View Sedara's Video Presentation