State Executive Cyber Protection

Background
The State of Maryland's Department of Information Technology (DoIT) is issuing this Request for Proposals (RFP) to procure comprehensive cyber security services aimed at protecting key State executives and their family members.

This initiative is driven by the need to safeguard these individuals from potential cyber threats that exceed those faced by the general workforce, thereby ensuring they can effectively execute public policy and serve the citizens of Maryland.

Work Details
The contractor will provide a range of cyber security services for up to twenty key State executives, including:
1. Prevention and misuse management of Personally Identifiable Information (PII) and Sensitive Personal Information (SPI).
2. Imposter identification on social media and professional networking platforms.
3. Asset hardening for personal computers, laptops, devices, and servers not owned or managed by the State.
4. Threat monitoring and assessment for direct threats against State executives and their families.
5. Training programs on common cyber threats and personal cyber hygiene, covering topics such as social engineering, password safety, online privacy, and secure communications during emergencies.
6. Technical Security Countermeasures (TSCM) to prevent unauthorized surveillance.
7. Incident reporting to the Maryland Security Operations Center (SOC).

All services must comply with Maryland's policies and industry best practices.

Period of Performance
The contract will have a duration of one base year with two optional one-year extensions.

Place of Performance
Services will be performed primarily at the contractor's location, with specific provisions for securing home networks and personal devices of the State executives.