Opportunity
Georgia Procurement Registry #RFP489
Network Security Audit and Vulnerability Assessment for Atlanta Regional Commission
Posted
March 26, 2026
Respond By
April 27, 2026
Identifier
RFP489
NAICS
541512
The Atlanta Regional Commission (ARC) Office of Information Technology is seeking a qualified provider for a comprehensive Network Security Audit and Vulnerability Assessment. - Government Buyer: - Atlanta Regional Commission (ARC), Office of Information Technology - OEMs and Vendors Mentioned: - Cisco (Cisco 3850, Cisco SG300) - Meraki (MS350 switches, MR Series access points) - Versa (firewall appliance) - Arctic Wolf Aurora (EDR) - Graylog (SIEM) - ManageEngine (SIEM) - Microsoft365 (email) - Products/Services Requested: - Network Security Audit and Vulnerability Assessment covering edge, network, systems, access management, and disaster recovery - Assessment of network environment including Cisco, Meraki, Versa, Arctic Wolf Aurora, Graylog, ManageEngine, and Microsoft365 systems - Deliverables: - Findings and assessment report - Risk analysis - 24-36 month security roadmap - Executive presentation - 30-day vulnerability risk assessments - Two full disaster recovery drills using AWS Elastic Disaster Recovery - Three tabletop exercises for the Cyber Response Team - Unique or Notable Requirements: - At least one team member must hold a CISA or equivalent certification (CISSP, CISM, CEH, or OSCP) - Experience with local government entities required - Assessment must be completed within 30 days - Compliance with Georgia Open Records law and ARC's conflict of interest standards - Maximum contract value is $45,000
Description
The Atlanta Regional Commission (ARC) Office of Information Technology is soliciting proposals from qualified, independent service providers experienced in cybersecurity assessments to conduct a comprehensive Network Security Audit and Vulnerability Assessment. The project aims to evaluate the maturity of ARC's information security program and provide expert technical guidance to enhance security posture and operational efficiency. Deliverables include a findings report, risk analysis, security roadmap, executive presentation, ongoing vulnerability assessments, disaster recovery drills, and tabletop exercises. The maximum contract value is $45,000, with proposals due by April 27, 2026.