State of South Dakota Bureau of Information & Technology

Buyer seeks to assess their capabilities in preventing, detecting, and responding to cyber-attacks targeting the Executive Branch. The assessment will enable buyer to engage in real-time attacks and utilize incident response playbooks. Buyer is requesting separate proposals for both a red team exercise and a purple team exercise. The assessment will cover web applications, networks, and computer systems within the Executive Branch.

• 5/16/2025 - RFP Publication
• 6/6/2025 - Deadline for Submission of Written Inquiries
• 6/13/2025 - Deadline for Responses to offeror Questions
• 6/30/2025 - Proposal Due Date
• 7/31/2025 - Evaluation of Proposals to Determine Short List
• 8/15/2025 - Demonstrations and presentations
• 9/30/2025 - Anticipated Award Decision/Contract Negotiation

• Conduct red team penetration testing exercises remotely
• Conduct purple team exercises with on-site presence
• Assess web applications, networks, and computer systems
• Validate logging and connections before assessment begins
• Perform common and advanced attack simulations
• Create executive summary with security posture rating
• Develop technical report outlining simulated attack scenarios
• Document indicators of compromise with timestamps
• Provide guidance on attack simulations with documentation
• Deliver recommendations for cybersecurity improvements