Qawalangin Tribe of Unalaska
PO Box 334 • Unalaska, AK 99685
907-581-2920
Request for Proposal (RFP): Cybersecurity Services for the Qawalangin Tribe of Unalaska
Introduction
The Qawalangin Tribe of Unalaska is seeking qualified cybersecurity service providers to enhance its cybersecurity posture over a one-year period. This RFP outlines our needs, including assessment, policy development, training, and system implementation. The selected provider would work closely with the Tribe's IT team and leadership to ensure robust and sustainable cybersecurity measures.
This procurement is conducted in accordance with the Tribe's approved Tribal Procurement Policy, ensuring fair, equitable, and transparent procurement practices. The Tribe strongly supports and encourages proposals from qualified Native- and Alaska Native-Owned entities in alignment with its Native Preference Policy.
Scope of Work
The selected provider would address the following key areas:
1. Assessment and Policy Framework Development
o Revisit and refine the Tribe’s assessment and baseline analysis of critical assets, risks, and compliance frameworks.
o Develop comprehensive cybersecurity policies and procedures for Tribal Council, operations, and IT systems, including:
 Access Control Policies.
 Data Protection and Encryption Standards.
 Incident Response and Disaster Recovery Plans.
 Third-party and supply chain security measures.
2. Employee Cybersecurity Education
o Provide live, instructor-led cybersecurity training sessions focused on:
 Identifying internal and external threats.
 Regulatory compliance requirements.
 Handling confidential information.
 Phishing and social engineering awareness.
RFP Cybersecurity - Qawalangin Tribe of Unalaska 2
3. Cybersecurity Training Bootcamp for Executives
o Facilitate annual cybersecurity boot camps tailored for executives and key leaders.
o Cover high-level cybersecurity requirements, risk management strategies, and implementation of controls.
4. Community Cybersecurity Workshop
o Organize a community-focused cybersecurity workshop to educate local organizations on:
 Social engineering tactics.
 Threat identification.
 Practical online safety recommendations.
5. Virtual Chief Information Security Officer (vCISO) Services
o Provide a dedicated vCISO to:
 Oversee cybersecurity program implementation and maintenance.
 Advise on risk management and policy compliance.
 Assist with simulated phishing tests and internal communications.
6. Collaboration with IT Team
o Work with the Tribe's IT team to implement:
 Endpoint security solutions.
 Network security measures (e.g., firewalls, VPNs, intrusion detection systems).
 Backup and recovery protocols.
7. Monitoring, Detection, and Response
o Implement continuous monitoring solutions (e.g., SIEM).
o Conduct vulnerability assessments and penetration tests.
o Develop and test an incident response plan through simulations.
8. Program Evaluation and Continuous Improvement
o Perform regular audits to measure program effectiveness.
o Provide post-incident reviews and lessons learned reports.
o Update employee training programs and technical controls to address emerging threats.
Native Preference
The Tribe’s Native Preference Policy would apply to this procurement. In accordance with the Policy:
1. Preference would be given to Native, Alaska Native, or Native-Owned economic enterprises if their bid is within 10% of the lowest responsive bid.
2. Proposals must include documentation demonstrating eligibility for Native Preference, including evidence of enrollment in a Federally Recognized Tribe or ownership and control of the organization by enrolled Tribal members.
RFP Cybersecurity - Qawalangin Tribe of Unalaska 3
Proposal Requirements
Interested providers should include:
• A detailed work plan and timeline for delivering the outlined services.
• An itemized cost proposal.
• Documentation of Native Preference eligibility, if applicable.
• Demonstrated experience in providing similar services, particularly to tribal entities.
• References from recent clients.
• Overview of compliance with industry standards and frameworks (e.g., NIST, CIS20).
Evaluation Criteria
Proposals would be evaluated based on the following criteria:
Criteria
Weight (%)
Technical expertise and demonstrated experience
30%
Cost-effectiveness and value for money
20%
Native Preference
10%
Training and educational offerings
15%
Ability to customize services for tribal and community needs
15%
References and past performance
10%
Native Preference would be applied as specified in the Policy, with eligible bidders receiving additional points or weight in evaluation.
Submission Instructions
Proposals must be received by December 31, 2024 to:
Qawalangin Tribe of Unalaska Attn: Katherine McGlashan
P.O. Box 334
Unalaska, AK 99685-0334
Email submissions are allowed, per Tribal Procurement, to katherine@qawalangin.com. Hard copies of all emailed submissions must be mailed in addition to the email submission.
For questions regarding the RFP, please contact Tanaya Horne at tanaya@qawalangin.com or 907-359-3295.
RFP Cybersecurity - Qawalangin Tribe of Unalaska 4
Timeline
• RFP Release Date: November 26, 20224
• Proposal Submission Deadline: December 31, 2024
• Evaluation Period: January 1, 2024 – January 31, 2024
• Contract Award Date: February 14, 2024
• Project Start Date: March 1, 2024
Procurement Method
This RFP is conducted under the Tribe's “Competitive Proposal” procurement method, as described in the Tribal Procurement Policy. Proposals would be evaluated on both technical and cost factors to ensure the best overall value for the Tribe.