RFP # XXXXXX | Proposal Name # XXXXXX | Proposal Name Cyber-Security Assessment, Remediation, and...
Transcript of RFP # XXXXXX | Proposal Name # XXXXXX | Proposal Name Cyber-Security Assessment, Remediation, and...
RFP # XXXXXX | Proposal Name
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
Request for Information (RFI)
State of Florida, Department of Management Services
September 3, 2015
This document contains information that is proprietary and confidential to Phase One Consulting Group, LLC. that shall not be disclosed outside or duplicated, used, or disclosed in whole or in part for any purpose other than to evaluate Phase One Consulting Group, LLC. Any use or disclosure in
whole or in part of this information without the express written permission of Phase One Consulting Group, LLC. is prohibited.
Submitted by: Jodi Huston, Vice President, [email protected], 571.244.9935
Submitted to: Joel Atkinson, Associate Category Manager, [email protected], 850.488.0950
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
September 3, 2015
Mr. Joel Atkinson
Associate Category Manager
4050 Esplanade Way, Ste 360
Tallahassee, FL 32399-0950
Mr. Atkinson:
Phase One Consulting Group (Phase One) is pleased to submit this response to your Request for
Information (RFI) on Cyber-Security Assessment, Remediation, and Identity Protection,
Monitoring, and Restoration Services.
Phase One currently supports multiple cyber-security projects across the Federal government,
providing many of the services described in this RFI including assessments, preparation, and
training for cyber-security. We will leverage lessons learned from our current support and bring
the same commitment to value and excellence should we be selected for future engagements with
the State of Florida. Cyber-Security is one of our fastest growing areas of expertise and we
would welcome the opportunity to bring our understanding of federal-level cyber-security
policies and procedures to you.
Thank you for the opportunity to respond to your RFI. We look forward to developing a
partnership with the State of Florida and you have my pledge of excellence in all aspects of
Phase One’s support. Please contact me if you have any questions or require additional
information. I can be reached at [email protected] or at 571.244.9935.
Respectfully,
Jodi Huston
Vice President
Phase One Consulting Group, LLC
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the cover page. State of Florida RFI, Page i
Table of Contents
1 Introduction ....................................................................................................................... 1
2 Background ....................................................................................................................... 1
3 Contact Information .......................................................................................................... 3
4 Response to Section IV .................................................................................................... 3
4.1 Pre-Incident Services ............................................................................................ 3
4.1.1 Incident Response Agreement .............................................................................. 3
4.1.2 Assessments ........................................................................................................ 4
4.1.3 Preparation ........................................................................................................... 4
4.1.4 Developing Cyber-Security Incident Response Plans ........................................... 5
4.1.5 Training................................................................................................................. 5
4.2 Post-Incident Services .......................................................................................... 6
4.2.1 Breach Services Toll-free Hotline .......................................................................... 6
4.2.2 Investigation/Clean-up .......................................................................................... 6
4.2.3 Incident Response ................................................................................................ 7
4.2.4 Mitigation Plans .................................................................................................... 7
4.2.5 Identity Monitoring, Protection, and Restoration .................................................... 7
Appendix A: IT-70 Schedule ............................................................................................... A-1
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the cover page. State of Florida RFI, Page 1
1 Introduction
Phase One is a trusted name in Cyber-Security across the federal government
and we bring expertise in the most demanding Cyber policies including the
Federal Information Security Management Act (FISMA), Federal Risk and
Authorization Management Program (FedRAMP), Federal Information
Processing Standards (FIPS), and Federal Information System Controls Audit
Manual (FISCAM).
Phase One is a full lifecycle, global Information
Technology (IT) solutions firm that seeks to radically
change the way that IT is planned, deployed, and
secured. We know that clients need solutions that work without breaking-the-bank and that is why
we specialize in the technologies that leverage modern platforms to achieve incredible results.
Today's IT application technologies have greatly changed the way that solutions can be developed
and deployed and our approach uses these technologies to put traditional firms out-of-business.
Phase One has provided management consulting and IT development services to the federal
government for more than 18 years. We are a minority-owned US business through the RLJ
Equity Partner Group and we bring a team of industry-recognized experts with extensive
corporate reach-back to every interaction. We have demonstrated expertise in professional
services, Cyber-Security, data analysis and processing, IT administrative support, application
development, and management and general administrative support.
Phase One has proven experience and is widely known across government agencies as a highly
skilled IT process, Cyber-Security, and technology management firm. Over the past several
years, more than half of our revenue has come from solution implementations for major agencies
such as Department of Transportation (DOT) and the Department of Agriculture (USDA).
Through our background in architecture–and now implementation–we understand the enterprise
and the technology security challenges associated with the deployment of enterprise solutions
and the culture change required to fully adopt the new processes and technologies accompanying
the solution.
2 Background
Using proven planning and management techniques, Phase One works with its clients to navigate
strategic and tactical crossroads. We focuses our expertise on affecting change by building
trusted relationships across communities, building consensus, and providing technology and
vendor-independent advice. Phase One is made up of four competency areas, as presented in
figure 1 on the following page.
Cyber-Security
The cyber-security competency area is one of Phase One's fastest growing competency areas,
along with Solutions and Infrastructure. Phase One helps clients with the full cyber-security
lifecycle including strategies, plans, and architecture. The cyber-security competency area is
frequently called on to help with the deployment and operations of cyber-security capabilities.
The cyber-security competency area includes individuals with strong cyber-security backgrounds
in planning and operations. All cyber-security employees are encouraged to work actively within
the competency area to develop innovative solutions to common cyber-security challenges.
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the cover page. State of Florida RFI, Page 2
Sharing of intellectual property,
practices, and vulnerability
awareness are just some of the
keys to success for the cyber-
security competency area.
Strategy and Planning
The Strategy and Planning
competency area is deeply rooted
in the Phase One DNA. Even
cyber-security implementation
engagements are heavily
influenced by Phase One's
intellect developed in the
Strategy and Planning
competency area. At Phase One,
all client engagements include a
strategy and planning dimension
as a key differentiator for how
business is done. Clients have
come to expect innovation, proper
planning, and well executed
engagements across all of our contracts. The Strategy and Planning competency area is
responsible for key methodologies focused on cyber-security strategy, transformation, strategic
communications, and complex problem-solving.
Solution and Infrastructure
The Solutions and Infrastructure competency area includes Agile application development and
management, mobile ecosystem development and management, as well as cyber-security and
related service areas. The Solutions and Infrastructure competency area provides Phase One
clients with the end-to-end services needed to help them take advantage of the huge potential for
improvement offered by current and emerging cyber tools and best practices. Many Phase One
clients have saved money and offered better services with new or enhanced cyber solutions
designed and developed by Phase One. The Solutions and Infrastructure competency area has
been a leader in the development of Agile approaches to software design and development.
Management and Organization
The Management and Organization competency area includes professionals with domain
expertise in the design, management and operations of business and government organizations.
Phase One teams are called on to solve many organizational challenges for clients. How
organizations should be designed, governed, and managed is part of the intellectual property
responsibilities of the Management and Organization competency area. Further, Phase One
teams support clients with business process reengineering, business and solution analysis and
design, and organizational change management.
Figure 1 - Phase One’s core capabilities align with the skills and capabilities required for the development of a comprehensive Cyber-Security Strategy.
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the cover page. State of Florida RFI, Page 3
3 Contact Information
Company Information Phase One Consulting Group, LLC 99 Canal Center Plaza, Suite 405 Alexandria, VA 22314 www.pocg.com
Point of Contact Ms. Jodi Huston Vice President [email protected] 571.244.9935
4 Response to Section IV
Phase One has the experience and expertise to help the State of Florida accomplish its objectives
in the most cost-effective and forward-thinking manner possible. We take a vendor-agnostic
approach to client technology deployments. This means that our teams thoroughly examine our
client’s needs and make recommendations based not on our corporate partnerships, but rather on
the solutions best suited to solving your problems. We have deployed technologies from all
major manufacturers including Microsoft, Cisco, Symantec, Checkpoint, Palo Alto, Unix/Linux,
BlueCoat, F5, and many more.
As described throughout this document, Phase One has extensive experience supporting projects
similar in scope and criticality to the technical requirements of the State of Florida’s multiple
cyber-security programs.
4.1 Pre-Incident Services
4.1.1 Incident Response Agreement
Yes, Phase One is able to provide this service. Phase One works with clients to establish
thorough terms and conditions, unique to each organization, as to what activities to undertake
with concern to cyber security. By examining the possible scenarios that might take place,
vulnerabilities in systems can be addressed preemptively, and recommendations for responses
will be developed using industry best-practices and case studies.
Department of Transportation. Phase One has assisted DOT, one of the largest US
Government Departments, with Cyber-Security policy development, keeping it aligned with
the requirements of the FISMA, and ahead of the latest threats facing critical organizations
such as the Federal Aviation Administration (FAA). By establishing terms and conditions
for incident response ahead of time, in keeping with federal standards and requirements,
DOT was enabled to respond more rapidly in the event of a cyber-security breach.
Commodity Futures Trading Commission (CFTC). Phase One has implemented multiple
cyber-security tools to meet the SANS Institute’s (SANS) Twenty Critical controls
guidelines, which map directly with the continuous monitoring 800-53 controls, and to
improve the overall security posture of the CFTC network. A Network Access Control
(NAC), Security Information and Event Management (SIEM), Multi-Factor Authentication,
Configuration Integrity Verifier and various Vulnerability Scanning solutions have been
employed by the Phase One team. The security controls addressed helped the CFTC
become compliant with National Institute of Standards and Technology (NIST) 800-53
regulations.
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the cover page. State of Florida RFI, Page 4
4.1.2 Assessments
Yes, Phase One is able to provide this service. Phase One takes a unique approach to reducing
vulnerabilities in software and government systems via performing Penetration Testing of client
applications and private cloud environment, as well as providing recommendations and guidance
to re-mediate the discovered vulnerabilities.
Commodities Futures Trading Commission. Phase One highlighted the need for the
CFTC to incorporate security impact analyses and risk assessments into the
Commission’s configuration management process, which led to the creation of a Security
Impact Analysis Manager (SIAM). The SIAM analyzes all planned projects and system
changes for their impact to the CFTC’s overall security posture and the security of its
systems, and also conducts risk assessments of any known vulnerabilities and the
potential impact to the Commission should mitigating factors not be implemented. The
SIAM plays a key role in ensuring information system security in the configuration
management process, provides informed guidance to the Chief Information Security
Officer regarding potential system changes, and ensures that security concerns are
represented at weekly change control board (CCB) meetings. When reviewing planned
system changes, the Phase One SIAM makes a point to understand the business reasons
for each change and the business needs, so that if there are security concerns with the
proposal a more secure alternative can be suggested. Finally, the SIAM ensures that all
system development activities are conducted in a secure manner by meeting with
developers to discuss system changes, security concerns, and (where applicable)
reviewing application code and/or scanning applications for vulnerabilities to ensure that
new security vulnerabilities are not introduced into systems via insecure development
practices. In addition, the Phase One Security Impact Analysis Manager (SIAM) at
incorporates a regular evaluation of security controls into each Security Impact Analysis
(SIA), ensuring that planned system changes do not negatively impact the ability to
successfully meet the requirements of certain NIST SP 800-53 security controls,
particularly those designated as key controls for secure configuration management in
NIST SP 800-128. The SIAM would be a key component to supporting the FAA’s
Continuous Monitoring security program as well as ensuring that security was
implemented during all system development phases.
4.1.3 Preparation
Yes, Phase One is able to provide this service.
Department of Transportation. Phase One supported the DOT Chief Information Security
Officer (CISO) with strategic planning in order to plan the implementation of cyber-
security initiatives. We supported the prioritization of initiatives using a cost vs. risk
approach, developed a plan for implementation based on current resources to achieve
Departmental goals and CISO objectives. Additionally, we supported the development of
DOT’s departmental cyber-security policy and compendium. The compendium provides
the ability for DOT to make updates to the cyber-security content to keep up with the
latest technology and threat trends. We planned and supported the development of the
compendium content, communications and circulation of drafts, comment adjudication
and negotiations across modal offices and approvers. We regularly support annual
updates to ensure currency and relevancy of the content.
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the cover page. State of Florida RFI, Page 5
Commodities Futures Trading Commission. Phase One helped the CFTC improve their
incident response and threat detection capabilities, through unifying disparate system and
application logs into a centralized SIEM. Through tuning the SIEM, threat correlation
and intrusion alerts have been unified under a single web interface for our clients Security
Operation Team and incident detection and response times have been improved. With the
new SIEM system in place, access to specific information in the SIEM can be assigned to
certain team members to allow for a role based security model and security team
monitoring assignments.
4.1.4 Developing Cyber-Security Incident Response Plans
Yes, Phase One is able to provide this service. Phase One has extensive experience developing
cyber-security incident response plans for a wide range of clients.
Department of Transportation. At the National Highway Traffic Safety Administration
(NHTSA), Phase One reported progress to the system manager/owner and NHTSA
stakeholders and identified any critical issues or risks which could pose an immediate
security threat and provided recommendations for remediation as well as an overall
recommendation to the certifier and accreditor for making a determination for signing the
authority to operate. This task demonstrates Phase One’s ability adhere to standards and
guidelines for performing certification and accreditations and delivering all necessary
documentation as a complete package. Phase One was able to deliver the certification and
accreditation package on time enabling the system to achieve ATO without disruption to
the end user. Additionally, Phase One provided guidance to NHTSA on the controls
which may be impacted if the system were to be upgraded to include personally
identifiable information. This Certification and Accreditation (C&A) was an important
step for NHTSA to maintain its overall mission of highway safety.
United States Department of Agriculture. At the Animal and Plant Health Inspection
Service (APHIS), a sub-agency to USDA, the Phase One team has been a key component
to updating multiple System Security Plans (SSPs) to meet FISMA reporting
requirements and to continuously assess how each applicable NIST SP 800-53 control is
implemented on a given system. The Phase One team was responsible for updating the
APHIS Investigation Tracking and Enforcement Management System (ITEMS) SSP after
their development team moved the application to a new platform. The Phase One team is
also responsible for the implementation of multiple technical, operational, and
management controls to help remediate and close multiple Plan of Action and Milestone
(POA&M) items that align with 800-53 controls. This allows them to provide the APHIS
CISO with a report on a regular basis of all user activity within these applications.
4.1.5 Training
Yes, Phase One is able to provide this service.
Federal Aviation Administration. In order for the customers to meet the compliance and
reporting requirements set forth by FISMA, it is crucial to have a well-trained staff that
understands and has deep knowledge of the guidance in the NIST Special Publications
library. By understanding and properly implementing the guidance and methodologies
presented in the NIST documentations, Federal agencies can efficiently meet FISMA
compliance requirements, bolster the security of their sensitive information systems, and
avoid disrupting day-to-day operations that rely on those information systems. Phase One
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the cover page. State of Florida RFI, Page 6
has a deep understanding of these special publications and knows how to apply them in a
unique and effective manner.
Department of Transportation. Phase One provided support to NHTSA by performing
C&A in accordance with NIST SP 800-53A by following the NIST Risk Management
Framework as described in NIST SP-800-37 Rev1 for a cloud-hosted, externally facing,
web-based system. This system has limited access to authorized law enforcement
officials and criminal justice systems users and provides a repository for tracking
standardized field sobriety testing training and materials as well as field data for sobriety
related investigations into suspected persons. Phase One assessed the current state of the
C&A package, performed a gap analysis of the existing assessment, conducted an
updated C&A including Security Testing and Evaluation (ST&E), conducted an
independent risk assessment, and ensured all system security documentation was
complete and in compliance with DOT policies and guidelines. As deliverables, Phase
One prepared and submitted the following:
o Information and System Security Categorization based on FIPS 199 and SP 800-60
o Risk Assessment (RA), based on SP 800-30
o System Security Plan (SSP), based on SP 800-18 and SP800-53
o Information Technology Contingency Plan (ITCP), based on SP 800-34
o Plan of Actions and Milestones (POA&M), based on OMB Memo 06-20
o Security Test Plan (STP) based on SP 800-42, and SP 800-53A
o Vulnerability scanning results
o Security Assessment Report (SAR)
4.2 Post-Incident Services
4.2.1 Breach Services Toll-free Hotline
Phase One does not currently support these services.
4.2.2 Investigation/Clean-up
Yes, Phase One is able to provide this service. Phase One has extensive experience with
planning and implementing technologies to help agencies meet the Continuous Monitoring
requirements set forth in NIST Special Publication 800-137. Implementing these monitoring
tools provides us with the skillsets needed to conduct rapid evaluations of cyber-security-related
incidents and quickly assess what is needed to return to pre-incident levels:
Commodity and Futures Trading Commission. Phase One designed a Vulnerability
Management process and procedure at CFTC that has become the central point for
vulnerability remediation. The process included performing an inventory on all endpoints
in the environment and assessing their vulnerability status with the use of an automated
scanner. Remediation in the environment is performed via software patching, or
correcting configurations that have drifted on endpoints. The process of discovery and
remediation is performed weekly by a security manager.
United States Department of Agriculture. At APHIS the Phase One team is also regularly
involved with vulnerability remediation. By utilizing vulnerability reports that are
outputted regularly by RetinaCS, the Phase One team is aware of all vulnerabilities on the
servers they are responsible for maintaining. They are required to remediate these
vulnerabilities by installing new patches, updating software, and making tweaks in code
in a timely manner to avoid shutting down the server itself.
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the cover page. State of Florida RFI, Page 7
4.2.3 Incident Response
Phase One does not currently support these services.
4.2.4 Mitigation Plans
Yes, Phase One is able to provide this service. Phase One works with clients to establish
thorough terms and conditions, unique to each organization, as to what activities to undertake
with concern to cyber security. By examining the possible scenarios that might take place,
vulnerabilities in systems can be addressed preemptively, and recommendations for responses
will be developed using industry best-practices and case studies.
US Department of Transportation. Phase One has assisted DOT, one of the largest US
Government Departments, with Cyber-Security policy development, keeping it aligned
with the requirements of the FISMA, and ahead of the latest threats facing critical
organizations such as FAA. By establishing terms and conditions for incident response
ahead of time, in keeping with federal standards and requirements, DOT was enabled to
respond more rapidly in the event of a cyber-security breach.
4.2.5 Identity Monitoring, Protection, and Restoration
Phase One does not currently support these services.
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-1
Appendix A: IT-70 Schedule
The Phase One IT-70 Schedule is presented on the following pages.
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-2
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-3
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-4
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-5
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-6
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-7
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-8
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-9
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-10
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-11
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-12
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-13
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-14
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-15
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-16
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-17
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-18
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-19
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-20
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-21
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-22
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-23
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-24
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-25
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-26
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-27
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-28
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
The information on this page is subject to the nondisclosure statement on the proposal cover page. Attachment A: IT-70 Schedule, Page A-29