Closed

Independent Cyber Security Assessment for the Practicum Exchange Website DM-25898

Tender ID: 568356


Tender Details

Tender #:
DM-25898  
Status:
Closed
Publish Date:
26 September 2024
Closing Date:
30 September 2024

Tender Description

This Tender is invited by the Issuer.

The Department of Education (the department) has engaged an external vendor to design and build the Practicum Exchange (PE) website, which is now in the final stages of completion and due to be launched late September 2024.

The project requires an external IT Cyber Security assessor with demonstrated experience in the Protective Security Policy Framework (PSPF) and the Information Security Manual (ISM) to conduct a Cyber Security assessment of the PE Website.

The assessment must be performed against the ISM ensuring that the hosting and information storage meets the Department of Employment and Workplace Relations and the Australian Government standards including the PSPF and the Hosting Certification Framework (HCF).

Outcome

The newly developed external Practicum Exchange Website requires a cyber security assessment to determine if it should be approved for an Authority to Operate (AtO).

A third party has been engaged to develop the site and a subsequent fourth party has been engaged to provide infrastructure services to host the site and its information.

The department requires experienced, independent assessors to complete an assessment and report to allow the department to determine the risks associated with approving an Authority to Operate.

Assessment must be in line with the department's Cyber Security Authorisation Policy and Risk Management Framework.

Deliverables

The procured ICT assessors complete the independent Cyber Security assessment for the Practicum Exchange Website with the required security documentation substantiated with supporting evidence in accordance with the Australian Government standards (PSPF - Protective Security Policy Framework, ISM - Information Security Manual, HCF - Hosting Certification Framework) for the Department’s approval.

The successful vendor may be required to assess some or all of the following documentation provided by the website vendor in line with ACSC ISM, PSPF and Essential Eight Maturity Model:

  • Security Overview Document
  • System Security Plan
  • System Security Plan — Annex
  • Incident Response Plan
  • Continuous Monitoring Plan
  • System Security Architecture
  • Threat and Risk Assessment

Findings Report on the effectiveness of ICT controls and recommendations to address or mitigate non-compliance, and make certification recommendation to the department.

Estimated start date: Monday, 07 October 2024

Initial contract duration: 3 Months

Extension term: Not applicable

Location of work: ACT, NSW, NT, QLD, SA, TAS, VIC, WA, Offsite



Icon
Interested to find more tenders relevant to you and your business? You can try our advanced tender search today.