CMMC Compliance Services RFPs

The University of Michigan is soliciting proposals from certified C3PAO suppliers to perform a Level 2 CMMC assessment for a cloud-hosted, third-party managed environment, ensuring compliance with NIST SP 800-171 r2. The work includes review of implementation and documentation across all NIST SP 800-171 domains and assessment objectives, with deliverables to be completed within one year of contract start. Proposals are due June 10, 2026, and the opportunity is currently open for bidding.

provide CMMC Level 2 certification assessment services by an authorized CMMC Certified Third-Party Assessor Organization, also referred to as a C3PAO. The selected Contractor shall perform CMMC Level 2 certification assessments for two separate information systems implemented as two distinct Azure Government GCC High tenants, identified as Tenant A and Tenant B. See attached file.

The University of Michigan is seeking proposals from qualified suppliers to conduct a cybersecurity program maturity assessment aligned with the NIST Cybersecurity Framework. The selected vendor will partner with technology teams across U-M Health hospital systems to perform interviews, information gathering, and assessment activities. This initiative aims to evaluate and enhance the cybersecurity posture of the university's healthcare infrastructure over a three-year contract term.

The University of Michigan seeks qualified suppliers to partner with technology teams across its hospital systems to perform interviews, information gathering, and a cybersecurity capability maturity assessment aligned with the NIST Cybersecurity Framework. The selected supplier will deliver an assessment, associated deliverables, and enter into a multi-year contract with an anticipated three-year term. The solicitation is currently open with a submission deadline of June 8, 2026.

Weber State University is soliciting bids for CMMC Level 2 audit services to achieve certification for the Miller Advanced Research and Solutions Center (MARS). The contract is a one-time purchase order awarded to the lowest responsive and responsible bidder, with a performance period extending up to 120 days after award. Bidders are required to submit various forms, including a Professional Services Agreement and Conflict of Interest Disclosure, by the May 29, 2026 deadline.

Data Cybersecurity, and Related Audit, Compliance, and Incident Responses Services Reopening.

The Massachusetts Department of Conservation and Recreation (DCR) seeks vendors to establish a Master Service Agreement to provide health and safety certification and training, and environmental and compliance certification and training. The solicitation (BD-22-1020-DCRCU-DC250-67989) was posted with an open date of 2021-11-07 and a close date of 2027-01-31.

Ann Arbor Public Schools has issued a Request for Proposals for Cybersecurity services under Opportunity ID RFP-AAP-260000002083-1. The solicitation was officially posted on the State of Michigan SIGMA Vendor Self Service system on May 22, 2026. Interested vendors must search the SIGMA portal using the specific Opportunity ID to access full documentation and submission requirements before the June 4, 2026 deadline.

Procurement of comprehensive cybersecurity services, including risk assessment, managed security, incident response, compliance, policy development, and training for information technology infrastructure, systems, and data.

Seeking qualified bids for mdr cybersecurity

The Department of Transportation issued a justification to extend an existing BPA order for cybersecurity management support services to allow for IT workforce restructuring. The extension moves the order expiration from April 2026 to August 2026 and covers tasks such as vulnerability management, FISMA compliance, and CDM tool operations. The scope includes the use of AI for risk management modernization and alignment with OMB and Executive Order 14028 guidance.

Johnson County is seeking proposals from qualified vendors to provide comprehensive managed IT and cybersecurity services, including help desk support, network monitoring, and patch management. The scope encompasses business continuity, disaster recovery, and security systems monitoring to ensure the integrity of the county's digital infrastructure. Proposals must be submitted to the Commissioners Office in Buffalo, Wyoming, by the specified deadline in May 2026.

Cybersecurity of novel technology implementations in operating and new/advanced reactors - artificial intelligence and machine learning.

The Region 5 Education Service Center issued an RFP for Property, Liability, Cybersecurity, and Windstorm/Terrorism coverage for the contract period July 1, 2026 – June 30, 2027 with options for multi-year extensions. The solicitation requests proposers provide specimen coverage documents, quote multiple plan options, and meet licensing, financial statement, and insurance requirements. Submissions are due via the buyer’s Bonfire portal on June 22, 2026, with vendor questions due by June 12, 2026.

The Department of the Navy issued Solicitation N0010426QBS04 for the procurement of a coil assembly under NAICS 333415. Proposals are due June 4, 2026, and the procurement includes specific requirements for higher-level contract quality and cybersecurity maturity model certification. The solicitation indicates FOB destination and references mandatory material reviews at the BPMI site.

The Universal Service Administrative Company (USAC) has issued a Request for Proposals to acquire Enterprise Cybersecurity and Monitoring Services and provided instructions on how to respond. The solicitation (IT-26-073) is posted via USAC’s procurement page and is listed on SAM.gov as a Combined Synopsis/Solicitation; proposals are due June 10, 2026 at 11:00 AM ET. This is a procurement and communications are to be directed to USAC’s contracting office contacts listed in the SAM.gov notice.

Seeking experienced and qualified operational technology (OT) cybersecurity consultants to provide an infrastructure servers and architecture survey and provide an upgrade to critical cybersecurity documents. The successful proposer must offer critical OT Cybersecurity survey services and provide cybersecurity documents including Incident Response Procedure, Business Continuity Plan, Disaster Recovery Plan, and OT Cybersecurity Policies and Procedures at the UConn Cogeneration Facility. See attached files.

Procurement of legal consultation services with staff regarding agency compliance with federal requirements; training for agency staff regarding compliance with federal requirements; and training on behalf of the agency to local educational agencies, and other educational entities, regarding compliance with federal requirements. The PED requests a multi-year proposal to provide services as identified in this RFP—including legal consultation services with staff regarding agency compliance with federal requirements for fiscal years ending June 30, 2023; June 30, 2024; June 30, 2025; and June 30, 2026.

WorkSafeBC is seeking proposals for a comprehensive cybersecurity awareness training solution to educate its workforce. The selected provider will deliver services aimed at improving the organization's security posture through structured training modules. All official documents and amendments for this solicitation are hosted on the BC Bid portal.

The Department of the Navy, NAVSUP Weapon Systems Support, is soliciting proposals for the manufacture and procurement of power cable assemblies. The requirement includes First Article Testing (FAT) and requires vendors to be certified in accordance with NAVSEA S9320-AM-PRO-020/MLDG standards. Proposals must address cybersecurity maturity model certification requirements and comply with Buy American regulations.