
Given today’s dynamic cybersecurity landscape, it is essential for organizations to have plans and protections in place to secure their data and IT infrastructure. The Operational Services Division, in collaboration with experts from around the Commonwealth, is pleased to offer comprehensive tools to address cybersecurity for organizations large and small.

The new ITS78 Data and Cybersecurity Statewide Contract provides a selection of experienced and qualified vendors to address all facets of cybersecurity, including baseline assessments, planning, solutions implementation, and breach remediation. The ITS78 contract, launched July 1, complements a variety of resources available to Commonwealth agencies and municipal organizations (see cover story: Coordination and Collaboration: The Commonwealth’s Cybersecurity Response).

The ITS78 Contract User Guide is expected to be available on August 23. In the meantime, send contract questions to Contract Manager Marge MacEvitt.

ITS78 Category Descriptions and User Scenarios

Category 1

Full range of data and cybersecurity audits and compliance reviews and related consulting services, including best practices, gap analysis, scorecards, compliance with internal and external controls (e.g., internal process and procedures, HIPAA, IRS, PII, CJIS), and control validation.

When to Use: For organizations in the early stages of cybersecurity planning, Category 1 is a good entry point, with awarded vendors providing a baseline cybersecurity readiness assessment. Vendors are available to audit and assess organizations’ practices, infrastructure, and compliance with federal, state, and other applicable laws and rules; uncover vulnerabilities and irregularities; and make recommendations for improvement. Category 1 also may be helpful in assessing changes to existing configurations and requirements. Such changes may involve infrastructure, vendors, policies and procedures, or legislation.

Category 2

Risk assessments as they relate to internal and external (third party) components. Services include risk management strategies, quality assurance audits, cloud security, vendor security, and data security management.*

When to Use: Category 2 offers risk assessments when organizations implement significant changes to hardware or software infrastructure. Examples include a new application or server, adding cloud services, or introducing a new IT service provider. Awarded vendors review the new environment and report on possible data and security risks.

Category 3

Cybersecurity testing and readiness services, including external/internal penetration testing, physical security assessments, social engineering assessments, vulnerability assessments, application testing, network security assessments, endpoint security assessments, tabletop exercises, and identity and access management assessments.*

When to Use: Vendors awarded to Category 3 provide assistance with assessing the organization’s readiness for real-world cyber events, e.g., password cracking, cyber hacking, ransomware, and phishing, to ensure security protocols perform as designed. Vendors essentially attempt to “break into” the network environment to identify vulnerabilities and suggest actions to prevent actual breaches.

Category 4

Information Security and Cybersecurity Incident Response services, including emergency incident response services, incident containment, mitigation, remediation, internal and external communications and required notifications, forensic investigations, managed threat detection and response. Contractors are prepared to engage within 24-48 hours, 7 days a week, and implement incident response protocols as negotiated by the buyer.**

When to Use: When an organization believes that a cyber event may have taken place, vendors in Category 4 are available to assist with response efforts, including crisis management, business continuity, and communications strategy, among others.

Related Cybersecurity Statewide Contracts

» ITS74 IT Project Services – Although ITS78 vendors may be able to implement suggested remediations, ITS74 vendors offer various consultation services to support the security of computer networks
» ITC73 IT Hardware and Services – Offers encryption devices, firewalls, and two-factor authentication tokens, among other hardware security tools
» ITS75 Software and Services – Offers network security monitoring tools, antivirus and anti-malware software, encryption tools, two-factor authentication software, software to replace end of life applications, among other software resources
» ITS60 Cloud Services – Offers Cloud Solutions and related services

* State agencies requiring engagement under this category must coordinate with and gain the approval of the Office of the Commonwealth Chief Information Security Officer (CCISO).
** State agencies requiring engagement under this category must coordinate with and gain the approval of the Office of the Commonwealth Chief Information Security Officer (CCISO) to ensure that Enterprise systems are not at risk.
