REQUEST FOR PROPOSAL (RFP)
RFP #2026-19
24/7 CYBERSECURITY MONITORING,
PATCH MANAGEMENT, AND CYBER NETWORK
MONITORING SERVICES
JASPER COUNTY, SOUTH CAROLINA
JUNE 4, 2026
1. INTRODUCTION
1.1 Purpose
Jasper County Government (“County”) is soliciting sealed proposals from qualified
cybersecurity managed service providers (MSPs), managed security service providers (MSSPs),
or cybersecurity consulting firms to provide comprehensive 24/7 cybersecurity monitoring,
cyber network monitoring, patch management, incident response support, and compliance-
related cybersecurity services until Wednesday, July 1, 2026, at 1:00 p.m. at which time the
names of the Proposers will be publicly read aloud in the Jasper County Council Chamber.
The County seeks a vendor partner capable of leveraging the County’s existing cybersecurity and
IT infrastructure, tools, and software platforms while enhancing the County’s overall
cybersecurity posture. The selected vendor should provide continuous monitoring, proactive
threat detection, vulnerability management, patch management, incident response coordination,
reporting, and audit support.
Additionally, the selected vendor shall be responsible for assisting with and completing all
required NCIC, CJIS, and South Carolina Law Enforcement Division (SLED) cybersecurity
audits, compliance reviews, documentation, and reporting requirements applicable to Jasper
County Government.
2. BACKGROUND
Jasper County Government operates a diverse technology environment supporting county
administration, public safety, emergency services, judicial systems, public works, finance, GIS,
and other county operations. The County maintains cybersecurity tools and software currently in
place and desires a cybersecurity partner capable of integrating with and utilizing existing
systems wherever feasible.
The County’s primary goals include:
• Enhancing cybersecurity visibility and protection
• Providing continuous 24/7 monitoring and alerting
• Reducing cybersecurity risk exposure
• Improving incident response readiness
Page 1 of 13
• Maintaining compliance with CJIS, NCIC, SLED, and applicable state and federal
cybersecurity standards
• Strengthening vulnerability and patch management processes
• Ensuring operational continuity and cybersecurity resilience
3. SCOPE OF SERVICES
The selected vendor shall provide the following services at a minimum.
3.1 24/7 Security Operations Center (SOC) Monitoring
Vendor shall provide continuous 24 hours per day, 7 days per week, 365 days per year
cybersecurity monitoring services.
Services shall include:
• Continuous monitoring of network traffic, endpoints, servers, firewalls, switches, routers,
and security devices
• Monitoring of security events, alerts, and logs
• Threat detection and correlation analysis
• Real-time alerting and escalation procedures
• Detection of ransomware, malware, unauthorized access attempts, and suspicious activity
• Continuous review of security telemetry and threat indicators
• Identification and triage of critical cybersecurity incidents
• Threat intelligence integration
• Continuous monitoring of cloud-based systems and services where applicable
• Security event management and reporting
• Security log review and analysis
• Security alert prioritization and escalation
Vendor shall provide documented escalation procedures and incident notification timelines.
3.2 Cyber Network Monitoring
Vendor shall provide comprehensive cyber network monitoring services for the County’s IT
infrastructure.
Services shall include:
• Network traffic analysis
• Internal and external network monitoring
• Firewall monitoring and rule review
• Intrusion detection and prevention monitoring
• Unauthorized device detection
Page 2 of 13
• Network anomaly detection
• Bandwidth and suspicious communication monitoring
• Monitoring for lateral movement within the network
• DNS monitoring and analysis
• VPN monitoring
• Remote access monitoring
• Monitoring of privileged accounts and administrative access
• Continuous health monitoring of cybersecurity systems
Vendor shall provide recommendations for improving network security architecture where
vulnerabilities or weaknesses are identified.
3.3 Patch Management Services
Vendor shall provide comprehensive patch management services utilizing the County’s existing
software and patch management tools whenever feasible.
Services shall include:
• Operating system patch management
• Third-party software patch management
• Firmware update management
• Security update testing and validation
• Critical vulnerability remediation
• Patch deployment scheduling and coordination
• Emergency patch deployment for critical threats
• Patch compliance reporting
• Vulnerability prioritization
• Documentation of applied patches and remediation activities
• Verification and validation of successful patch deployment
Vendor shall maintain procedures to minimize operational disruption while ensuring timely
remediation of vulnerabilities.
3.4 Vulnerability Management
Vendor shall provide ongoing vulnerability management services.
Services shall include:
• Routine vulnerability scanning
• Internal and external vulnerability assessments
• Vulnerability prioritization based on risk
• Remediation recommendations
• Validation of remediation efforts
Page 3 of 13
• Reporting of critical vulnerabilities
• Risk scoring and tracking
• Assistance with remediation planning
• Coordination with County IT staff
Vendor shall provide monthly vulnerability assessment summaries and remediation status
reports.
3.5 Incident Response Services
Vendor shall provide incident response support services.
Services shall include:
• Incident detection and analysis
• Incident containment recommendations
• Threat eradication support
• Recovery assistance
• Root cause analysis
• Incident documentation
• Forensic coordination support
• Coordination with County IT staff and leadership
• Escalation procedures for critical incidents
• After-action reporting and recommendations
Vendor shall provide emergency contact procedures and escalation paths available 24/7.
3.6 Existing Tools and Software Integration
The County intends to maintain and continue utilizing existing cybersecurity and IT management
tools where operationally feasible.
Vendor shall:
• Assess and integrate with the County’s existing cybersecurity tools
• Utilize existing monitoring, logging, and endpoint solutions whenever possible
• Minimize unnecessary replacement of existing systems
• Provide recommendations only where improvements are necessary
• Identify any required licensing or integration costs
• Coordinate with County IT staff regarding compatibility and implementation
Vendor shall clearly identify:
• Tools currently supported
• Additional tools proposed
Page 4 of 13
• Any required software changes
• Any additional hardware requirements
• Any licensing dependencies
3.7 Compliance and Audit Support
The selected vendor shall be responsible for supporting and completing cybersecurity-related
audits and compliance requirements applicable to Jasper County Government.
This includes, but is not limited to:
• NCIC audit preparation, management, and support
• SLED cybersecurity audit support and completion
• CJIS audit preparation, compliance support, and documentation management
• CJIS Security Policy compliance assistance
• Security documentation maintenance
• Policy and procedure review assistance
• Audit evidence collection and preparation
• Remediation planning for audit findings
• Compliance reporting
• Coordination with state and law enforcement entities as required
• Assistance with cybersecurity risk assessments
• Documentation necessary for compliance reviews
Vendor must demonstrate familiarity with:
• NCIC requirements
• CJIS Security Policy
• South Carolina state cybersecurity requirements
• SLED audit expectations
• Government cybersecurity best practices
• Law enforcement system security requirements
Vendor shall assume primary responsibility for completing all required cybersecurity audit
deliverables under the scope of this contract.
3.8 Reporting Requirements
Vendor shall provide detailed reporting including:
• Weekly cybersecurity briefing reports summarizing incidents, vulnerabilities,
remediation activities, patching status, and threat activity
• Weekly status meetings or virtual briefings with County IT leadership as requested
• Comprehensive monthly executive cybersecurity reports
• Incident summaries
Page 5 of 13
You are viewing the opportunity summary page, which includes a brief overview and a preview of the attached documents.