National Association of State Procurement Officials

Menu

All Portfolios

Cybersecurity & Information Security Services

Buying from a NASPO ValuePoint Contract? Learn How

  • Portfolio Awarded:
  • Portfolio Expiration:
  • Portfolio Renewal Limit:

How to Buy from a NASPO ValuePoint Contract

If you’ve identified a portfolio or supplier on the NASPO ValuePoint website and are ready to make a purchase:
The first step is to check whether your state has a Participating Addendum (PA) for that contract. Each PA outlines which entities within the state (such as agencies, counties, cities, public universities, or school districts) are authorized to purchase from the agreement.

If your organization is covered by a PA:
The next step is to follow your state’s or your organization’s established procurement procedures to complete the purchase. NASPO ValuePoint does not issue purchase orders or manage individual transactions, as each state or local entity retains its own procurement authority. These processes can vary widely, some state agencies may be required to use a central procurement platform (for example, an ERP (SAP, Workday, JD Edwards, etc.) or eProcurement System (Ivalua, SOVRA, CGI Advantage, etc.)), while local entities such as public universities or municipalities may have their own systems and approval thresholds.

Because these rules differ from state to state and even between organizations within the same state, NASPO ValuePoint cannot prescribe a single buying process, but encourages purchasers to work within their local procurement guidelines when utilizing NASPO ValuePoint contracts.

Portfolio Snapshot

Everything you need to know about this portfolio's solicitation process.

Download Snapshot

Solicitation Documents

About the Portfolio

The state of Idaho, in furtherance of the NASPO ValuePoint Cooperative Purchasing Program, has established Master Agreements with suppliers of Cybersecurity & Information Security Services for all Participating States.

These new Master Agreements may be used by state governments (including departments, agencies, institutions), institutions of higher education, political subdivisions (i.e., colleges, school districts, counties, cities, etc.), the District of Columbia, territories of the United States, and other eligible entities subject to approval of the individual state procurement director and compliance with local statutory and regulatory provisions.

+ Read More

Award Information: There is a total of eleven (11) suppliers with a fully executed and available Master Agreement. For more information about the suppliers awarded and which categories they were awarded, please review the portfolio snapshot, located on this page.

Cyber Security and Information Security Services Master Agreements will allow state end users access to critical proactive and reactive Cybersecurity and Information Security Services.

Category 1 - Risk Assessment and Mitigation Services

Category 2 - Incident Response Services

Category 3 - Breach Coach Services

Category 4 - Notification and Credit Monitoring Services

CATEGORY 1 - Risk Assessment and Mitigation Services

Risk assessment and mitigation services: professional services that help organizations identify potential risks, evaluate their likelihood and impact, and then develop strategies to minimize or eliminate those risks, essentially protecting the organization's assets and ensuring business continuity by proactively addressing potential threats; it involves both analyzing potential dangers and taking proactive steps to manage them effectively. 

  • Risk identification: Identifying potential hazards and threats that could affect the organization, including internal and external factors. 
  • Risk analysis: Evaluating the likelihood and severity of each identified risk, often using qualitative or quantitative methods. 
  • Risk prioritization: Ranking risks based on their potential impact and likelihood of guiding mitigation efforts. 
  • Mitigation strategy development: Creating actionable plans to address each identified risk, including preventive measures, contingency plans, and risk transfer options. 
  • Implementation and monitoring: Putting mitigation strategies into practice and regularly reviewing their effectiveness to adapt to changing circumstances. 

CATEGORY 2 - INCIDENT RESPONSE SERVICES

All incident response services must be carried out by trained experts and meet all legal standards. Incident response services assist organizations in detecting, containing, and mitigating damage from cybersecurity breaches or attacks, essentially providing a rapid response to security incidents to minimize harm and restore system functionality when a threat occurs; they aim to identify, analyze, and address security issues quickly, while also learning from past incidents to improve future preventative measures. 

Key points about incident response services:

  • Function: When a security breach happens, the incident response team is activated to manage the situation, including isolating the threat, investigating its origin, and taking steps to prevent further damage. 

  • Benefits:
    • Expertise: Access to specialized cybersecurity professionals who can handle complex threats. 
    • Rapid response: Quick identification and containment of incidents, minimizing potential damage. 
    • Improved security posture: Analysis of incidents to identify vulnerabilities and implement preventative measures. 
  • Typical services:
    • Threat detection and analysis 
    • Incident containment and eradication 
    • Data recovery and restoration 
    • Forensics investigation 
    • Post-incident reporting and improvement planning

CATEGORY 3 - BREACH COACH SERVICES

Data breach coaching services involve specialized guidance and support for businesses experiencing or at risk of a cybersecurity incident, offered to help navigate the incident response process and mitigate potential damages. Please note: Any and all legal services on behalf of the Purchasing Entity must be approved by Purchasing Entity at the time the Work Order is executed, some Purchasing Entities may require additional internal approval of any outside legal services.

CATEGORY 4 - NOTIFICATION AND CREDIT MONITORING SERVICES

Call Center, Credit Monitoring Identity Theft Monitoring, Notification services

Products & Services

  • Category 1 - Risk Assessment and Mitigation Services
  • Category 2 - Incident Response Services
  • Category 3 - Breach Coach Services
  • Category 4 - Notification and Credit Monitoring

Have suggestions for additional products and services in this portfolio?
Contact Us

All Suppliers (11)

22nd Century Technologies, Inc.
22nd Century Technologies, Inc. logo

22nd Century Technologies, Inc.

Assurit Consulting Group, LLC
Assurit Consulting Group, LLC logo

Assurit Consulting Group, LLC

Cogent Infotech Corporation
Cogent Infotech Corporation logo

Cogent Infotech Corporation

Gartner, Inc.
Gartner, Inc. logo

Gartner, Inc.

Global Solutions Group, Inc.
Global Solutions Group, Inc. logo

Global Solutions Group, Inc.

Identity Theft Guard Solutions, Inc. dba IDX
Identity Theft Guard Solutions, Inc. dba IDX logo

Identity Theft Guard Solutions, Inc. dba IDX

Infosys Public Services, Inc.
Infosys Public Services, Inc. logo

Infosys Public Services, Inc.

NTT DATA State Health Consulting, LLC
NTT DATA State Health Consulting, LLC logo

NTT DATA State Health Consulting, LLC

Online Enterprises, Inc. dba Online Business Systems (OBS)
Online Enterprises, Inc. dba Online Business Systems (OBS) logo

Online Enterprises, Inc. dba Online Business Systems (OBS)

Qlogic, LLC
Qlogic, LLC logo

Qlogic, LLC

Science Systems & Applications, Inc.
Science Systems & Applications, Inc. logo

Science Systems & Applications, Inc.

NASPO ValuePoint makes every effort to maintain the accuracy and completeness of the documents on this website. However, all official records are maintained by the Lead State (or Participating Entity, in the case of participating addenda). In the event of any conflict between the documents on this site and an entity’s official records, the official records govern.

Questions, concerns, and feedback on this website’s content may be sent to [email protected].

Close

Participating Addenda


Select a state or territory on the map to view participating addenda.


Contact the Lead State:
Idaho

Mike Gwinn
[email protected]
2087817320


Contact NASPO

For Buyers

Tia Corbett
Cooperative Portfolio Manager
[email protected]

For Suppliers

Chris Price
Supplier Engagement Manager
[email protected]

What is a Participating Addendum?

A Participating Addendum (PA) is generally used by a state Chief Procurement Official (CPO) to establish a state contract tied to a specific NASPO ValuePoint master agreement. The PA identifies unique terms and conditions specific to a state and identifies state agencies and other eligible entities in the state that are authorized to participate in the agreement. A state CPO may issue PAs that allow participation as follows:

  • Statewide provides for participation by all state and local government agencies and other eligible entities within the state
  • State only provides for participation only by state agencies.
  • Non State entities only provides for participation by local government agencies and other eligible entities, but prohibits participation by state agencies.

Review your state’s Participating Addendum (PA) to determine eligibility. If a PA is not currently in place, contact the state CPO to discuss whether participation may be considered.

For questions related to participation in NASPO ValuePoint master agreements, please contact the Cooperative Contract Coordination team at [email protected].

Close

Hawaii


State PAs

Non-State PAs

  • No non-state PAs available for Hawaii.

Idaho


State PAs

Non-State PAs

  • No non-state PAs available for Idaho.

New Mexico


State PAs

Non-State PAs

  • No non-state PAs available for New Mexico.

Oregon

Download the Participating Addendum


State PAs

  • Identity Theft Guard Solutions, Inc. dba IDX | State of Oregon
    State of Oregon | MA2025006
    Participating Addendum

Non-State PAs

  • No non-state PAs available for Oregon.

Washington

Download the Participating Addendum


State PAs

  • 22nd Century Technologies, Inc. | State of Washington
    State of Washington | MA2025001
    Participating Addendum

Non-State PAs

  • No non-state PAs available for Washington.

Wisconsin

Download the Participating Addendum


State PAs

Non-State PAs

  • No non-state PAs available for Wisconsin.