Cybersecurity Assessment Contractor

GDEcD has been awarded federal funds to support Georgia-based small and medium-sized defense contractors in preparing for compliance with the new DoD Cybersecurity Maturity Model Certification (CMMC) standards for cybersecurity. This procurement is subject to the availability of federal funds.
GDEcD seeks an offeror to provide cybersecurity assessment programs for GDEcD-identified small and medium-sized defense contractors and suppliers. Details on the assessment program and required deliverables are below.

Offeror must complete cybersecurity assessments for an estimated ten small to medium-sized defense contractors who are working toward compliance with the current DoD regulations on Cybersecurity, including the new DoD Cybersecurity Maturity Model Certification (CMMC) standards for cybersecurity. Based on the availability of federal funds, additional defense contractor assessments may be available for offeror completion.

GDEcD will identify companies eligible

for completion of cybersecurity assessment and coordinate with offeror to provide contact information to schedule companies for assessment.

Offeror must conduct assessment and gap analysis of the company¿s environment, providing a view of the current and desired state of basic cybersecurity hygiene. The gap analysis will be to the equivalent of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements based on NIST Handbook 162, NIST 800-171 Rev. 2, DFARS Case 2019¿D041, CMMC Model version 1.02, and 130 identified practices.

Offeror must meet with companies (companies may be open to virtual meetings) and complete data collection to complete assessment. Data collection could include interviews with company staff, use of questionnaires, observation, network scanning tools and other suitable methods to document the company¿s current state.

After documenting the current state of cybersecurity environment, the offeror will complete and prepare for upload, several required deliverables.