Tender

Privilege Access Management PoC

MINISTRY OF JUSTICE

This public procurement record has 1 release in its history.

Tender

14 Apr 2022 at 09:46

Tender Notice
Summary of the contracting process

The Ministry of Justice is seeking proposals for a Privileged Access Management (PAM) proof of concept (PoC) contract, which aims to enhance security measures for system administration interfaces within Her Majesty's Courts and Tribunals Service (HMCTS). This opportunity falls under the services category, specifically focusing on data security software. The tender is currently in the active stage, with a submission deadline of 22 April 2022 and the PoC contract expected to commence on 2 May 2022 and conclude by 29 July 2022. The procurement method is open, allowing organisations to participate in the bidding process.

This tender presents a significant growth opportunity for businesses that specialise in cybersecurity solutions, particularly those offering PAM services, as HMCTS seeks to understand the benefits of implementing third-party security tools. Small and medium-sized enterprises (SMEs) are encouraged to apply, providing an avenue for innovative firms to showcase their expertise in mitigating cyber risks and enhancing security frameworks. Businesses equipped to address high-level requirements such as role-based access management and robust auditing capabilities will find this tender particularly aligned with their offerings.

Find more tenders on our Open Data Platform.
How relevant is this notice?

D3 Tenders Premium

Win More Public Sector Contracts

AI-powered tender discovery, pipeline management, and market intelligence — everything you need to grow your public sector business.

Start Free Trial Book a Demo
All Features Pricing

Notice Information

Notice Title

Privilege Access Management PoC

Notice Description

Opportunity Outline: PAM (Privileged Access Management) is an additional security measure that can be placed in front of a system administration interface. Her Majesty's Courts and Tribunals Service (HMCTS) intend to run a pro bono proof of concept (POC) process to better understand how PAM can help protect the department. What is PAM: PAM is based on two central concepts: Just in time Administration and Just enough Administration. Just in time Administration: No assumed access is granted; Request access must be made. A Temporary credential is given to the system administrator through workflow. Just enough administration: Just enough Administration is another way of describing the concept of least privilege. Benefits of PAM: It will make it more difficult for an attacker to pivot into critical services, from an already compromised management access workstation. It will introduce an additional source of auditing, making it easier to identify misuse of administration interfaces. This will act as a strong deterrent against the insider threat, where a legitimate system administrator may consider abusing their access. It will introduce additional guard rails to help system administrators. They will hold less responsibility to protect their access credentials. It will help protect them from accidentally making unintended changes. Privilege Access Management would be an Enterprise level initiative covering all business areas that are part of the strategic roadmap, however the initial focus is on two groups within HMCTS. This contract opportunity only covers the pro bono POC. Hence, it will be for a pro bono contract. Proof of Concept: HMCTS wish to run one POC with two suppliers, to understand if a third-party security tool would be of any benefit to HMCTS systems. The POC is envisioned to last up to 3 months and be carried out asap. High Level Requirements to be used for the POC: The Key requirements that operate as a baseline for mitigation of the Cyber risks are: Just-in-time Administration Request access - workflow Approval process Just enough Administration (Least privilege) Full system level/ global admin privilege should be an exception Definition of role-based access management Strong logging and auditing Logging keystrokes which could leverage behavioural analytics Session recording Centralisation Policy management and roll out Reporting / metrics - BI Based Periodical user entitlement reviews Additional information: Further information available, please email: CCMD-DandTSupplierInbox@justice.gov.uk

Notice Details

Publication & Lifecycle

Open Contracting ID
ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501
Publication Source
Contracts Finder
Latest Notice
https://www.contractsfinder.service.gov.uk/Notice/2ff8ab9e-885c-4b5f-8508-e66147d07976
Current Stage
Tender
All Stages
Tender

Procurement Classification

Notice Type
Tender Notice
Procurement Type
Standard
Procurement Category
Services
Procurement Method
Open
Procurement Method Details
Open procedure (below threshold)
Tender Suitability
SME
Awardee Scale
Not specified

Common Procurement Vocabulary (CPV)

CPV Divisions

48 - Software package and information systems

CPV Codes

48732000 - Data security software package

Notice Value(s)

Tender Value
Not specified
Lots Value
Not specified
Awards Value
Not specified
Contracts Value
Not specified

Notice Dates

Publication Date
14 Apr 20223 years ago
Submission Deadline
22 Apr 2022Expired
Future Notice Date
Not specified
Award Date
Not specified
Contract Period
1 May 2022 - 29 Jul 2022 1-6 months
Recurrence
Not specified

Notice Status

Tender Status
Active
Lots Status
Not Specified
Awards Status
Not Specified
Contracts Status
Not Specified

Buyer & Supplier

Contracting Authority (Buyer)

Main Buyer
MINISTRY OF JUSTICE
Contact Name
Available with D3 Tenders Premium →
Contact Email
Available with D3 Tenders Premium →
Contact Phone
Available with D3 Tenders Premium →

Buyer Location

Locality
LONDON
Postcode
E14 3PU
Post Town
East London
Country
England
Major Region (ITL 1)
TLI London
Basic Region (ITL 2)
TLI4 Inner London - East
Small Region (ITL 3)
TLI42 Tower Hamlets
Delivery Location
Not specified
Local Authority
Tower Hamlets
Electoral Ward
Island Gardens
Westminster Constituency
Poplar and Limehouse

Further Information

Open Contracting Data Standard (OCDS)

View full OCDS Record for this contracting process

Download

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts. 

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501-2022-04-14T10:46:07+01:00",
    "date": "2022-04-14T10:46:07+01:00",
    "ocid": "ocds-b5fd17-8f067b5e-3b8f-4f30-a895-35864320a501",
    "language": "en",
    "initiationType": "tender",
    "tender": {
        "id": "tender_303080/1064071",
        "title": "Privilege Access Management PoC",
        "description": "Opportunity Outline: PAM (Privileged Access Management) is an additional security measure that can be placed in front of a system administration interface. Her Majesty's Courts and Tribunals Service (HMCTS) intend to run a pro bono proof of concept (POC) process to better understand how PAM can help protect the department. What is PAM: PAM is based on two central concepts: Just in time Administration and Just enough Administration. Just in time Administration: No assumed access is granted; Request access must be made. A Temporary credential is given to the system administrator through workflow. Just enough administration: Just enough Administration is another way of describing the concept of least privilege. Benefits of PAM: It will make it more difficult for an attacker to pivot into critical services, from an already compromised management access workstation. It will introduce an additional source of auditing, making it easier to identify misuse of administration interfaces. This will act as a strong deterrent against the insider threat, where a legitimate system administrator may consider abusing their access. It will introduce additional guard rails to help system administrators. They will hold less responsibility to protect their access credentials. It will help protect them from accidentally making unintended changes. Privilege Access Management would be an Enterprise level initiative covering all business areas that are part of the strategic roadmap, however the initial focus is on two groups within HMCTS. This contract opportunity only covers the pro bono POC. Hence, it will be for a pro bono contract. Proof of Concept: HMCTS wish to run one POC with two suppliers, to understand if a third-party security tool would be of any benefit to HMCTS systems. The POC is envisioned to last up to 3 months and be carried out asap. High Level Requirements to be used for the POC: The Key requirements that operate as a baseline for mitigation of the Cyber risks are: Just-in-time Administration Request access - workflow Approval process Just enough Administration (Least privilege) Full system level/ global admin privilege should be an exception Definition of role-based access management Strong logging and auditing Logging keystrokes which could leverage behavioural analytics Session recording Centralisation Policy management and roll out Reporting / metrics - BI Based Periodical user entitlement reviews Additional information: Further information available, please email: CCMD-DandTSupplierInbox@justice.gov.uk",
        "datePublished": "2022-04-14T10:46:07+01:00",
        "status": "active",
        "classification": {
            "scheme": "CPV",
            "id": "48732000",
            "description": "Data security software package"
        },
        "items": [
            {
                "id": "1",
                "deliveryAddresses": [
                    {
                        "countryName": "British Oversea Territories"
                    },
                    {
                        "countryName": "Channel Islands"
                    },
                    {
                        "countryName": "Europe"
                    },
                    {
                        "countryName": "Isle of Man"
                    },
                    {
                        "countryName": "Rest of the World"
                    },
                    {
                        "countryName": "United Kingdom"
                    }
                ]
            }
        ],
        "procurementMethod": "open",
        "procurementMethodDetails": "Open procedure (below threshold)",
        "tenderPeriod": {
            "endDate": "2022-04-22T13:00:00+01:00"
        },
        "contractPeriod": {
            "startDate": "2022-05-02T00:00:00+01:00",
            "endDate": "2022-07-29T23:59:59+01:00"
        },
        "suitability": {
            "sme": true,
            "vcse": false
        },
        "mainProcurementCategory": "services",
        "documents": [
            {
                "id": "1",
                "documentType": "tenderNotice",
                "description": "Opportunity notice on Contracts Finder",
                "url": "https://www.contractsfinder.service.gov.uk/Notice/2ff8ab9e-885c-4b5f-8508-e66147d07976",
                "datePublished": "2022-04-14T10:46:07+01:00",
                "format": "text/html",
                "language": "en"
            },
            {
                "id": "2",
                "description": "n/a",
                "url": "https://www.contractsfinder.service.gov.uk/Notice/Attachment/423d39e7-e0cc-4738-a0a4-a2ffdf95064f",
                "format": "application/vnd.openxmlformats-officedocument.presentationml.presentation"
            }
        ]
    },
    "parties": [
        {
            "id": "GB-CFS-204453",
            "name": "Ministry of Justice",
            "identifier": {
                "legalName": "Ministry of Justice"
            },
            "address": {
                "streetAddress": "Ministry of Justice, 10 South Colonnade",
                "locality": "London",
                "postalCode": "E14 3PU",
                "countryName": "England"
            },
            "contactPoint": {
                "email": "CCMD-DandTSupplierInbox@justice.gov.uk"
            },
            "roles": [
                "buyer"
            ]
        }
    ],
    "buyer": {
        "id": "GB-CFS-204453",
        "name": "Ministry of Justice"
    }
}