Published date: 14 April 2022
Closed opportunity - This means that the contract is currently closed. The buying department may be considering suppliers that have already applied, or no suitable offers were made.
Contract summary
Industry
Data security software package - 48732000
Location of contract
Any region
Value of contract
£0
Procurement reference
tender_303080/1064071
Published date
14 April 2022
Closing date
22 April 2022
Closing time
1pm
Contract start date
2 May 2022
Contract end date
29 July 2022
Contract type
Service contract
Procedure type
Open procedure (below threshold)
Any interested supplier may submit a tender in response to an opportunity notice.
This procedure can be used for procurements below the relevant contract value threshold.
Contract is suitable for SMEs?
Yes
Contract is suitable for VCSEs?
No
Description
Opportunity Outline:
PAM (Privileged Access Management) is an additional security measure that can be placed in front of a system administration interface. Her Majesty's Courts and Tribunals Service (HMCTS) intend to run a pro bono proof of concept (POC) process to better understand how PAM can help protect the department.
What is PAM:
PAM is based on two central concepts: Just-in-time Administration and Just enough Administration.
Just-in-time Administration: No assumed access is granted; a request for access must be made. A temporary credential is given to the system administrator through a workflow.
Just enough Administration: This is another way of describing the concept of least privilege.
Benefits of PAM:
It will make it more difficult for an attacker to pivot into critical services from an already compromised management access workstation.
It will introduce an additional source of auditing, making it easier to identify misuse of administration interfaces. This will act as a strong deterrent against the insider threat, where a legitimate system administrator may consider abusing their access.
It will introduce additional guard rails to help system administrators. They will hold less responsibility to protect their access credentials. It will help protect them from accidentally making unintended changes.
Privileged Access Management would be an enterprise-level initiative covering all business areas that are part of the strategic roadmap; however, the initial focus is on two groups within HMCTS.
This contract opportunity only covers the pro bono POC. Hence, it will be for a pro bono contract.
Proof of Concept:
HMCTS wish to run one POC with two suppliers, to understand if a third-party security tool would be of any benefit to HMCTS systems.
The POC is envisioned to last up to 3 months and be carried out as soon as possible.
High Level Requirements to be used for the POC:
The key requirements that operate as a baseline for mitigation of the cyber risks are:
Just-in-time Administration
Request access - workflow
Approval process
Just enough Administration (Least privilege)
Full system level/ global admin privilege should be an exception
Definition of role-based access management
Strong logging and auditing
Logging keystrokes which could leverage behavioural analytics
Session recording
Centralisation
Policy management and roll out
Reporting / metrics - BI Based
Periodical user entitlement reviews
More information
Additional text
Further information available, please email: CCMD-DandTSupplierInbox@justice.gov.uk
About the buyer
Address
Ministry of Justice, 10 South Colonnade
London
E14 3PU
England