CMMC Compliance Services RFPs

provide CMMC Level 2 certification assessment services by an authorized CMMC Certified Third-Party Assessor Organization, also referred to as a C3PAO. The selected Contractor shall perform CMMC Level 2 certification assessments for two separate information systems implemented as two distinct Azure Government GCC High tenants, identified as Tenant A and Tenant B. See attached file.

The Massachusetts Department of Conservation and Recreation (DCR) seeks vendors to establish a Master Service Agreement to provide health and safety certification and training, and environmental and compliance certification and training. The solicitation (BD-22-1020-DCRCU-DC250-67989) was posted with an open date of 2021-11-07 and a close date of 2027-01-31.

Provide three year subscription for cybersecurity software.

Cybersecurity vulnerability analysis.

The scope of this task order encompasses a range of cyber security support services.

The Region 5 Education Service Center issued an RFP for Property, Liability, Cybersecurity, and Windstorm/Terrorism coverage for the contract period July 1, 2026 – June 30, 2027 with options for multi-year extensions. The solicitation requests proposers provide specimen coverage documents, quote multiple plan options, and meet licensing, financial statement, and insurance requirements. Submissions are due via the buyer’s Bonfire portal on June 22, 2026, with vendor questions due by June 12, 2026.

City Colleges of Chicago (Office of Internal Audit) is soliciting proposals for an internal audit of IT General Controls and cybersecurity governance across its colleges to assess design and operating effectiveness using COBIT 2019 and the NIST Cybersecurity Framework. The engagement includes risk-based audit planning, fieldwork, and deliverables such as an Audit Workplan, Draft and Final Internal Audit Reports, and periodic status updates, with a contract period of approximately 12 months. The solicitation was posted on 2026-06-09 and proposals are due 2026-07-17 on the CCC Bonfire procurement portal.

Seeking experienced and qualified operational technology (OT) cybersecurity consultants to provide an infrastructure servers and architecture survey and provide an upgrade to critical cybersecurity documents. The successful proposer must offer critical OT Cybersecurity survey services and provide cybersecurity documents including Incident Response Procedure, Business Continuity Plan, Disaster Recovery Plan, and OT Cybersecurity Policies and Procedures at the UConn Cogeneration Facility. See attached files.

Procurement of legal consultation services with staff regarding agency compliance with federal requirements; training for agency staff regarding compliance with federal requirements; and training on behalf of the agency to local educational agencies, and other educational entities, regarding compliance with federal requirements. The PED requests a multi-year proposal to provide services as identified in this RFP—including legal consultation services with staff regarding agency compliance with federal requirements for fiscal years ending June 30, 2023; June 30, 2024; June 30, 2025; and June 30, 2026.

Technical assistance: public administration cybersecurity.

CISCO Networking Equipment for Cybersecurity Lab Enhancements

Procurement of legal consultation services and training for agency staff and educational entities on federal compliance requirements.

Seeking a contractor to provide technical and consultative assistance to ocyf s bureau of budget and fiscal support (bbfs) to support, monitor, and evaluate ccya and jpo ability to adhere and adherence to all state and federal laws, policies, and best practices.

The U.S. Army (ACC-APG) issued a Notice of Intent to Sole Source cybersecurity research and development services and intends to solicit and negotiate only with the University of Texas at El Paso (UTEP) for an IDIQ contract to support DEVCOM Analysis Center (DAC) laboratories. The anticipated ordering period is five years with CPFF task orders; the notice states that responses are due by June 16, 2026 and provides a contracting point of contact (Alexander Cheatham). This notice is a presolicitation/sole-source notice (not a competitive RFP or grant).

Develop and deliver a comprehensive disaster relief and all-hazards emergency management plan,, inclusive of cybersecurity and information systems resilience, for the authority's public housing developments and administrative operations. See attached file.

Seeking a vendor to bring their website and all documents into compliance with the Disability Act.

The Space Acquisition and Integration Office (SAIO) of the U.S. Department of Defense is seeking industry input via a Request for Information (RFI) for the Communications, Network, Engineering, Cybersecurity, and Information Technology Services (CNECTS) contract, an estimated $300M–$360M program. The government is requesting industry feedback on acquisition strategy, evaluation criteria, and risk assessment and will host an industry day and limited one-on-one sessions in Colorado Springs. Registration for the industry day is required by February 23, 2026, with the event scheduled for March 11, 2026.

Qualified cybersecurity managed service providers (MSPs), managed security service providers (MSSPs), or cybersecurity consulting firms to provide comprehensive 24/7 cybersecurity monitoring, cyber network monitoring, patch management, incident response support, and compliance-related cybersecurity services. See outside link.

The State of Minnesota is seeking a Licensure Compliance System to modernize and support licensure and enforcement functions for the Board of Accountancy and the AELSLAGID Board. This project focuses on securing expert business analysis and technical writing services to define user requirements and evaluate market options for a new system. The solicitation is managed through the MNBuys procurement portal and is intended to replace legacy processes with a modern technical solution.

Provide emissions compliance service.