Cybersecurity Assessment Services

Overview

Cybersecurity & Data Privacy

East Lansing, Michigan, United StatesPosted 4 days agoDeadline: May 26th, 2026

Fit Score

Settle Intelligence

Settle helps teams find, evaluate, and respond to public RFPs. We continuously surface new opportunities, score them against your company strengths, and draft proposal responses so you can focus on the work that wins business.

SUMMARY

The State of Michigan seeks a vendor to perform a comprehensive cybersecurity assessment of its IT and OT environments, including asset inventories, vulnerability testing, and review of detection and logging capabilities.

KEY REQUIREMENTS

Minimum of ten years of cybersecurity consulting experience
Proven experience assessing operational technology and industrial control system environments
Experience assessing cybersecurity for organizations comparable in size and complexity to Michigan State University
Must have a minimum of three senior-level consultants on the engagement team
Technical Team Lead must have at least five years of experience leading cybersecurity or infrastructure assessments
Senior Consultants must have at least three years of hands-on cybersecurity assessment experience
Must demonstrate ability to conduct assessments using non-intrusive and operationally safe testing methods
Must be able to perform criminal background checks of personnel pursuant to MSU policy
Must maintain specific insurance coverage including Cyber Liability Insurance

BUDGET

Estimate

$100,000 – $250,000

CONTRACT DURATION

12 months

TIMELINE

RFP Issue Date: May 4th, 2026

Deadline for Respondent Questions: May 12th, 2026

MSU Deadline for Providing Response: May 19th, 2026

RFP Response Due Date: May 26th, 2026

Estimated Contract Award: July, 2026

QUESTION DEADLINE

May 12th, 2026

Issuing Agency

Michigan State University

Organization overview and procurement intelligence available on paid plans.

See Issuer Research

DESCRIPTION

A government authority in Michigan is seeking vendors to provide comprehensive cybersecurity assessment services. The selected vendor will be responsible for conducting technical kickoff sessions with IT, OT, and facility stakeholders to establish project parameters. They will document assumptions related to system uptime, safety protocols, and requirements for non-intrusive testing.

The scope includes the development of a detailed engagement plan, data request list, and communication protocols. Vendors will validate and document inventories of IT and OT assets such as servers, network devices, field devices, and applications. The engagement also covers reviewing logical and physical network diagrams, data flows, trust relationships, identification of critical systems, and single points of failure.

Further, the vendor will conduct vulnerability assessments using non-disruptive methods, review baseline security configurations, patch management, hardening standards, and logging setups. The assessment will encompass intrusion and anomaly detection capabilities, and involve technical readout sessions for engineering, IT, and security personnel to discuss the results and recommendations.

Source attribution

This Settle analysis is based on the issuing organization’s public RFP listing.