Independent Cyber Security Assessment for the Practicum Exchange Website DM-25898
Tender ID: 568356
Tender Details
Tender Description
This Tender is invited by the Issuer.
The Department of Education (the department) has engaged an external vendor to design and build the Practicum Exchange (PE) website, which is now in the final stages of completion and due to be launched late September 2024.
The project requires an external IT Cyber Security assessor with demonstrated experience in the Protective Security Policy Framework (PSPF) and the Information Security Manual (ISM) to conduct a Cyber Security assessment of the PE Website.
The assessment must be performed against the ISM, ensuring that the hosting and information storage meet the Department of Employment and Workplace Relations and the Australian Government standards, including the PSPF and the Hosting Certification Framework (HCF).
Outcome
The newly developed external Practicum Exchange Website requires a cyber security assessment to determine if it should be approved for an Authority to Operate (AtO).
A third party has been engaged to develop the site and a subsequent fourth party has been engaged to provide infrastructure services to host the site and its information.
The department requires experienced, independent assessors to complete an assessment and report to allow the department to determine the risks associated with approving an Authority to Operate.
Assessment must be in line with the department's Cyber Security Authorisation Policy and Risk Management Framework.
Deliverables
The procured ICT assessors are to complete the independent Cyber Security assessment for the Practicum Exchange Website, with the required security documentation substantiated by supporting evidence in accordance with the Australian Government standards (PSPF - Protective Security Policy Framework, ISM - Information Security Manual, HCF - Hosting Certification Framework), for the Department’s approval.
The successful vendor may be required to assess some or all of the following documentation provided by the website vendor in line with ACSC ISM, PSPF and Essential Eight Maturity Model:
- Security Overview Document
- System Security Plan
- System Security Plan — Annex
- Incident Response Plan
- Continuous Monitoring Plan
- System Security Architecture
- Threat and Risk Assessment
A Findings Report on the effectiveness of ICT controls, with recommendations to address or mitigate non-compliance and a certification recommendation to the department.
Estimated start date: Monday, 07 October 2024
Initial contract duration: 3 Months
Extension term: Not applicable
Location of work: ACT, NSW, NT, QLD, SA, TAS, VIC, WA, Offsite
Location
New South Wales : Central West : Far North Coast : Far West : Hunter : Illawarra : Mid North Coast : Murray : New England : Orana : Riverina : Southern Highlands : Sydney
Queensland : Cairns & Far North Queensland : Gladstone : Mackay Whitsunday Region : Mount Isa & North West Region : Rockhampton : South East Queensland : South West & Darling Downs : The Central West : Townsville : Wide Bay Burnett
Victoria : Barwon South West : Gippsland : Grampians : Hume : Loddon Mallee : Melbourne
South Australia : Adelaide : Eyre & Western : Far North : Fleurieu & Kangaroo Island : Limestone Coast : Murray & Mallee : York & Mid North
Northern Territory : Barkly : Big Rivers : Central Australia : East Arnhem : Greater Darwin : Top End
Australian Capital Territory
Tasmania