When is the submission deadline?

Submissions are due June 15, 2026.

What is the budget for this RFP?

The published budget is $611,325.

It was issued by New York City Department Of Finance. The work is located in New York, New York, United States.

Who is a good fit for this opportunity?

Current Qualified Security Assessor (QSA) credentials. Extensive PCI DSS assessment and certification experience. Proven work with large, complex government or enterprise environments. Expertise in payment channel security, compliance testing, and documentation. Ability to advise internal compliance teams across multiple agencies. Experience delivering mandated PCI reports and annual certifications.

Payment Card Industry Data Security Standard Security Assessor Services (Due June 15, 2026)

Overview

Cybersecurity & Data Privacy

New York, New York, United StatesPosted: May 14th, 2026Deadline: June 15th, 2026

Fit Score

Settle Intelligence

Settle helps teams find, qualify, and respond to RFPs. We continuously surface new opportunities, score them against your company strengths, and draft proposal responses so you can focus on the work that wins business.

Learn more about Settle

SUMMARY

New York government authority seeks a qualified firm to perform annual PCI DSS certification, assessments, and reporting for multiple payment channels and city agencies. Vendors must hold current QSA credentials and have experience with large, complex PCI environments.

KEY REQUIREMENTS

BUDGET

Verified

$611,325

CONTRACT DURATION

60 months

TIMELINE

The contract term is for five years, with potential renewal options for one period of four years or two periods of two years each.

Issuing Agency

New York City Department Of Finance

Organization overview and procurement intelligence available on paid plans.

See Issuer Research

DESCRIPTION

The government authority in New York is seeking a vendor to provide Payment Card Industry Data Security Standard (PCI DSS) security assessor services. The selected firm will support the authority in meeting its mandated annual PCI DSS certification requirements and will serve as a qualified expert resource throughout the compliance process.

Scope of work includes performing the annual PCI DSS certification for NYC OTI and its six payment channels, as well as providing subject matter expertise and guidance to the agency’s internal PCI team as it conducts PCI certification activities for twenty-eight PCI Level 4 city agencies. The vendor will conduct required assessments, testing, validation, and documentation to confirm compliance with PCI DSS requirements.

The engagement also requires completion of all mandated PCI DSS reports and certifications. Respondents must hold current Qualified Security Assessor (QSA) credentials and demonstrate substantial experience performing PCI DSS assessments for large, complex organizations.

Similar RFPs

Frequently asked questions

When is the submission deadline?: Submissions are due June 15, 2026.
What is the budget for this RFP?: The published budget is $611,325.
Who issued this RFP?: It was issued by New York City Department Of Finance. The work is located in New York, New York, United States.
Who is a good fit for this opportunity?: Current Qualified Security Assessor (QSA) credentials
Extensive PCI DSS assessment and certification experience
Proven work with large, complex government or enterprise environments
Expertise in payment channel security, compliance testing, and documentation
Ability to advise internal compliance teams across multiple agencies
Experience delivering mandated PCI reports and annual certifications

Stop missing winnable RFPs

Create a free account to search the full database, filter by your criteria, and have new RFPs matched to your business automatically.

See how Settle works