CMMC Compliance Services RFPs
Browse active CMMC Compliance Services RFP opportunities from federal, state, and local government agencies. Find solicitations, track deadlines, and discover bid opportunities updated daily.
The Department of War (formerly Department of Defense) Office of the Chief Information Officer issued this Request for Information (RFI) titled 'Reforming CMMC and Reducing Compliance Burden for the Defense Industrial Base (DIB).' The RFI solicits industry input on reforming the Cybersecurity Maturity Model Certification (CMMC) program following the immediate suspension of CMMC Phase II requirements announced on July 13, 2026. Industry stakeholders, particularly small, medium, and non-traditional defense contractors, are invited to provide recommendations to reduce compliance burdens while maintaining strong cybersecurity protections for defense industrial base information.
Posted Date
Release: Jul 13, 2026
Due Date
Close: Aug 14, 2026
The Department of War (formerly Department of Defense) Office of the Chief Information Officer issued this Request for Information (RFI) titled 'Reforming CMMC and Reducing Compliance Burden for the Defense Industrial Base (DIB).' The RFI solicits industry input on reforming the Cybersecurity Maturity Model Certification (CMMC) program following the immediate suspension of CMMC Phase II requirements announced on July 13, 2026. Industry stakeholders, particularly small, medium, and non-traditional defense contractors, are invited to provide recommendations to reduce compliance burdens while maintaining strong cybersecurity protections for defense industrial base information.
Posted Date
Release: Jul 13, 2026
Due Date
Close: Aug 14, 2026
The Massachusetts Department of Conservation and Recreation (DCR) seeks vendors to establish a Master Service Agreement to provide health and safety certification and training, and environmental and compliance certification and training. The solicitation (BD-22-1020-DCRCU-DC250-67989) was posted with an open date of 2021-11-07 and a close date of 2027-01-31.
Posted Date
Release: Nov 7, 2021
Due Date
Close: Jan 31, 2027
State & Local Cybersecurity
AvailableThis Request for Proposals (RFP) is seeking comprehensive cybersecurity services for state and local entities in North Carolina. The required services include network monitoring, security awareness training, vulnerability assessments, and incident response planning. A significant component of this solicitation involves facilitating the transition to a .gov domain for improved security and compliance.
Posted Date
Release: Jul 9, 2026
Due Date
Close: Aug 7, 2026
Cybersecurity Awareness Training
AvailableThe City of Saskatoon is soliciting proposals for a comprehensive Cybersecurity Awareness Training program to reduce human‑error driven cyber risk (phishing, social engineering, ransomware, and improper data handling). The program must be repeatable, measurable, scalable across the City’s workforce and the contract term is shown as 36 months. Submissions are online only and the solicitation is open with a closing date of July 30, 2026 at 2:00:59 PM Saskatchewan (CST).
Posted Date
Release: -
Due Date
Close: Jul 30, 2026
Library Archive Digitization Services and 4 Option Years - CMMC Level 2 Self Assessment Required
AvailableThe Contractor shall provide a detailed Project Management Plan (PMP) outlining the execution strategy, staffing plan, timeline, risk mitigation, data extraction strategy with mapping to MARC21/RDA, and LSP ingestion (CDRL A001). Additionally, the Contractor shall provide training manuals and SOPs for OPAC users, catalogers, and administrators (CDRL A005). All manuals and SOPs shall be delivered 30 days prior to operational deployment date. Library Service Platform (LSP) Architecture & OPAC: The Contractor shall provide a 100% Web-Based LSP utilizing Library & Information Science design principles. The system must feature a dedicated Online Public Access Catalog (OPAC) and natively support library interoperability protocols, including Z39.50, SRU/SRW, and OAI-PMH. The platform must operate on a CI/CD Agile methodology for seamless upgrades. See attached file.
Posted Date
Release: Jul 14, 2026
Due Date
Close: Jul 23, 2026
Provide district insurance - property and cybersecurity.
Posted Date
Release: Jul 10, 2026
Due Date
Close: Aug 31, 2026
The Charter Township of Washington (Macomb County, MI) issued a solicitation titled “2026 Municipal Cybersecurity Assessment Services” requesting proposals for independent cybersecurity assessment services to evaluate the township's IT environment, identify vulnerabilities and risks, and recommend remediation and/or improvements. The solicitation was published on 2026-07-01 and proposals are due 2026-07-29 at 10:00 AM EDT. The BidNet/MITN posting indicates the solicitation documents and buyer contact information are accessible to registered members only; no buyer-hosted public PDF was found during research.
Posted Date
Release: Jul 1, 2026
Due Date
Close: Jul 29, 2026
CALNET Managed Cybersecurity Services.
Posted Date
Release: Jun 30, 2026
Due Date
Close: Sep 14, 2026
The 2026 Municipal Cybersecurity Assessment Services RFP solicits a qualified vendor to deliver independent cybersecurity assessment services for Michigan local government entities. The procurement is conducted through the MITN (Michigan Intergovernmental Trade Network) cooperative purchasing group, which is the standard procurement platform for Michigan municipalities and authorized intergovernmental bodies such as the Michigan Municipal Services Authority. Bidders must comply with the published scope of work, requirements document, and contract terms, with a closing date of July 29, 2026.
Posted Date
Release: Jul 1, 2026
Due Date
Close: Jul 29, 2026
The solicitation titled "2026 Municipal Cybersecurity Assessment Services" requests independent cybersecurity assessment, planning, and coaching services for Michigan local public entities under the State's Michigan Cyber Partners / MIDEAL program. The posting shows a publication date of 2026-07-01 and a bid closing on 2026-07-29 at 10:00 AM EDT; the solicitation page restricts issuing-organization details and bid documents to registered users. The DTMB program page indicates these services are procured from pre-qualified vendors through a competitive RFP process and are structured as vendor contracts (not a grant program).
Posted Date
Release: Jul 1, 2026
Due Date
Close: Jul 29, 2026
The U.S. Trade and Development Agency (USTDA) is funding a Technical Assistance activity for the implementation of a National Cybersecurity System (NCS) for civilian administrative authorities in the Republic of Bulgaria. Information Services JSC, the Bulgarian state-owned IT services provider acting as USTDA's host-country partner, invites qualified U.S. firms to submit proposals to develop a roadmap scaling up Information Services as the default national Security Operations Center (SOC) provider for Bulgarian government entities. The selected U.S. firm will be paid in U.S. dollars from a $1,382,849 USTDA grant and will deliver a financing plan, legal and regulatory analysis, development impact assessment, environmental and social impact assessment, U.S. sources of supply analysis, and a project implementation plan.
Posted Date
Release: Jun 8, 2026
Due Date
Close: Jul 20, 2026
FUSE,CARTRIDGE
AvailableThe U.S. Navy's NAVSUP Weapon Systems Support is soliciting quotes for the manufacture and design of fuse cartridges under solicitation N0010426QBZ62. Contractors must meet the specifications of manufacturer Mersen USA for part number 9F60BBD002-S and comply with quality assurance, packaging, cybersecurity maturity model certification, and security prohibitions/exclusions requirements. A Certificate of Compliance per DI-MISC-81356 is required for each unique combination of Contract/Purchase Order Number, National Stock Number, and Item Nomenclature.
Posted Date
Release: Jul 2, 2026
Due Date
Close: Aug 3, 2026
The Manufacturing & Services Acquisition (MASA) Manufacturing Support RFP, issued by the Naval Surface Warfare Center (NSWC) Indian Head Division, seeks contractors to provide build-to-print fabrication of military components and assemblies in support of various military projects. The procurement will result in multiple Firm-Fixed-Price (FFP) Indefinite Delivery Indefinite Quantity (IDIQ) supply-type contracts, with performance primarily at the NSWC Indian Head Division in Indian Head, Maryland. The work covers five task areas including first article testing, production hardware, R&D hardware, plating, and electronics assembly, with offerors required to comply with Cybersecurity Maturity Model Certification (CMMC) Level 2 (Self) requirements.
Posted Date
Release: Jul 14, 2026
Due Date
Close: Aug 4, 2026
Technical assistance: public administration cybersecurity.
Posted Date
Release: Jun 8, 2026
Due Date
Close: Jul 20, 2026
The Department of Veterans Affairs, Technology Acquisition Center NJ (36C10B) issued a Sources Sought notice (36C10B26Q0654 / VA-26-00064748) for Cybersecurity Architecture and Engineering Services to support the VA. The procurement seeks industry capability statements for cybersecurity architecture and engineering support services, with a planned performance period beginning around September 18, 2026 and an estimated contract value of $100M–$249M. Performance will be remote with a place of performance in New Jersey, consistent with the issuing TAC NJ office. NAICS code 541519 (Other Computer Related Services) applies, and responses are due July 23, 2026.
Posted Date
Release: Jul 15, 2026
Due Date
Close: Jul 23, 2026
The Village of Westchester is seeking proposals for a fully managed cybersecurity detection, response, and monitoring service, including managed endpoint detection and response, identity threat detection and response, security information and event management, and continuous real-time threat analysis with active human-led incident response.
Posted Date
Release: Jun 3, 2026
Due Date
Close: Jul 31, 2026
The Department of Veterans Affairs, Technology Acquisition Center NJ (36C10B) issued a Sources Sought notice (36C10B26Q0654 / VA-26-00064748) for Cybersecurity Architecture and Engineering Services to support the VA. The procurement seeks industry capability statements for cybersecurity architecture and engineering support services, with a planned performance period beginning around September 18, 2026 and an estimated contract value of $100M–$249M. Performance will be remote with a place of performance in New Jersey, consistent with the issuing TAC NJ office. NAICS code 541519 (Other Computer Related Services) applies, and responses are due July 23, 2026.
Posted Date
Release: Jul 15, 2026
Due Date
Close: Jul 23, 2026
Website Accessibility Compliance
AvailableThe Kansas State School for the Blind (KSSB) is soliciting proposals to ensure its website meets web accessibility standards (WCAG 2.1 Level AA), including automated and/or manual testing and remediation work. The solicitation is posted on the State of Kansas eSupplier portal and seeks a qualified vendor to assess and bring the KSSB website into compliance. Proposals are due on July 28, 2026 and will be submitted through the Kansas eSupplier procurement system.
Posted Date
Release: Jun 16, 2026
Due Date
Close: Jul 28, 2026
CEQA Compliance (RFQ)
AvailableProvide assistance with the preparation and processing of the required environmental documents under the environmental quality act (CEQA).
Posted Date
Release: Jun 26, 2026
Due Date
Close: Jul 28, 2026
Win More CMMC Compliance Services RFPs
Get AI-powered buying signals and real-time alerts for cmmc compliance services opportunities