Department of Public Safety of the State of Texas

Buyer is seeking cybersecurity services that comply with stringent requirements for the protection of sensitive data. The vendor must maintain CJIS compliance for handling criminal justice information. Services must include comprehensive security controls for user access, system security, data protection, and incident response. The vendor will be required to maintain security systems within the United States and provide rapid notification of any security incidents.

• 5/22/2025 - Proposal Due Date

• Implement CJIS-compliant security controls for hosted services
• Provide secure authentication including two-factor for administrative accounts
• Maintain comprehensive audit logging of system activities
• Conduct vulnerability scanning and remediation within 90 days
• Implement encryption for all data transmitted outside secure networks
• Provide data breach notification within four hours of discovery
• Maintain physical and environmental security controls for facilities
• Implement mobile device management for secure remote access
• Secure data erasure capabilities for equipment at end of life
• Maintain cyber insurance coverage for security breaches