Managed Security Provider Services

RFP Issue Date: May 5th, 2026

Pre-Proposal Conference: May 14th, 2026

RSVP for Site Visit: May 12th, 2026

Site Visit Request Deadline: May 18th, 2026

Questions Due Date: June 26th, 2026

Proposal Due Date: July 8th, 2026

A government authority in Annapolis, Maryland is seeking a vendor to provide managed security provider services under a two-year contract. The engagement is intended to strengthen the agency's cybersecurity operations, engineering capabilities, and enterprise risk management.

The selected provider will support the creation of a centralized security department that unifies cybersecurity functions, addresses security gaps, improves cyber hygiene, and establishes clearly defined roles and responsibilities. The scope also includes enforcing proper separation of duties to strengthen governance and protect systems and data.

Services include application security support such as vulnerability assessments, secure code reviews, architecture analysis, integration of security practices into the software development lifecycle, and remediation guidance and training for development teams. The provider will also deliver technology risk management services, including system, network, and application risk assessments, control evaluations, identification of residual risks, and preparation of risk registers, control effectiveness reviews, and mitigation recommendations aligned with enterprise risk tolerance.

A pre-bid meeting is scheduled for May 14, 2026, and all questions must be submitted by June 26, 2026.