San Bernardino County Employees' Retirement Association

Buyer seeks a firm to provide comprehensive cybersecurity assessment and services. The selected firm will perform cybersecurity evaluations, compliance assessments, penetration testing, purple team exercises, and retest remediated findings. Buyer also wants to establish a strategic partnership for ongoing cybersecurity consultation services. The contract will be for an initial three-year term with two options to extend for two additional years each.

• 4/15/2025 - RFP Release Date
• 5/9/2025 - Inquiry Deadline
• 5/12/2025 - Response to Inquiries
• 5/27/2025 - Proposal Due Date
• 6/2/2025 - Evaluation and Selection

• Comply with all relevant State and Federal regulations
• Five years experience performing each scope of service
• Team must include professionals with relevant certifications
• Experience with IT security frameworks and regulations
• Lead consultant must have 10+ years relevant experience

• Perform compliance assessment against NIST frameworks and relevant regulations
• Conduct penetration testing of external, internal, and web applications
• Execute social engineering testing including phishing simulations
• Perform wireless security assessments of corporate and guest networks
• Assess cloud security of infrastructure, applications, and configurations
• Evaluate IT governance structure and decision-making processes
• Perform AI security audit of systems and governance frameworks
• Conduct purple team exercises simulating real-world attacks
• Assess data protection protocols including encryption and access controls
• Retest remediated findings to validate vulnerability resolution