About the Certification
Contract Number: ITS78
Awarded: 2021
Categories Harbor Networks Supports:
- Category 1: UNSPSC Code: 80-11-18-00
- Category 2: UNSPSC Code: 81-16-00-00
- Category 3: UNSPSC Code: 43-23-32-00
- Category 4: UNSPSC Code: 83-12-00-00
This is a Statewide Contract for Data, Cybersecurity, and Related Audit, Compliance, and Incident Response Services. Services include a full range of audits, penetration tests, reviews, and validation of compliance with legal, regulatory and policy requirements, and related services in areas such as data breach investigation, remediation, and security of confidential information.
Category 1
Full range of data and cybersecurity audits, compliance reviews, and related consulting services, including best practices, gap analysis, scorecards, compliance with internal and external controls (e.g., internal processes and procedures, HIPAA, IRS, PII, CJIS), and control validation.
When to Use: For organizations in the early stages of cybersecurity planning, Category 1 is a good entry point. Awarded vendors provide a baseline cybersecurity readiness assessment. Vendors are available to audit and assess organizations’ practices, infrastructure, and compliance with federal, state, and other applicable laws and rules, uncover vulnerabilities and irregularities, and make recommendations for improvement.
Category 1 may also help assess changes to existing configurations and requirements. Such changes include infrastructure, vendors, policies and procedures, or legislation.
Category 2
Risk assessments as they relate to internal and external (3rd party) components. Services include risk management strategies, quality assurance audits, cloud security, vendor security, and data security management.
Category 3
Cybersecurity testing and readiness services, including external/internal penetration testing, physical security assessments, social engineering assessments, vulnerability assessments, application testing, network security assessments, endpoint security assessments, tabletop exercises, and identity and access management assessments.
When to Use: Vendors awarded to Category 3 help assess the organization’s readiness for real-world cyber events, e.g., password cracking, cyber hacking, ransomware, and phishing, to ensure security protocols perform as designed. Vendors attempt to “break into” the network environment to identify vulnerabilities and suggest actions to prevent breaches.
Category 4
Information Security and Cybersecurity Incident Response services, including emergency incident response services, incident containment, mitigation, remediation, internal and external communications and required notifications, forensic investigations, and managed threat detection and response. Contractors are prepared to engage within 24-48 hours, 7 days a week, and implement incident response protocols as negotiated by the buyer.