Arizona State University

Buyer seeks to contract accredited CMMC Third Party Assessment Organizations (C3PAOs) to conduct rigorous cybersecurity assessments for achieving CMMC Level 2. The selected C3PAO will perform comprehensive CMMC assessments across the buyer's applicable research enclaves and project scopes. The scope includes evaluating and certifying the cybersecurity posture to meet specified CMMC-level requirements. Buyer anticipates issuing multiple awards under this RFP.

• 10/22/2024 - Bid Open Date
• 10/29/2024 - Deadline for Inquiries
• 11/13/2024 - Proposal Due Date

• Active accreditation as a C3PAO by the CMMC Accreditation Body (Cyber-AB)
• Minimum three years experience in cybersecurity assessment for federal contracts
• Provide minimum two references with similar services experience

• Conduct comprehensive CMMC assessments for compliance across required levels
• Provide detailed reporting on assessment findings and recommendations
• Conduct reassessments post-remediation to verify compliance
• Support ASU in remediation efforts with appropriate services
• Tailor assessment approach for a large research institution
• Manage assessments across multiple research enclaves and complex project scopes
• Ensure compliance with Cyber-AB's code of ethics and maintain impartiality
• Protect sensitive information during assessment process
• Communicate and coordinate effectively with ASU during assessment
• Sign NDA prior to project start date