Provision of Army Digital Services Security & Vulnerability Assessments Specialist & Technical Capability (DInfoCom/0212)
A Contract Award Notice
by MINISTRY OF DEFENCE
- Source
- Contracts Finder
- Type
- Contract (Services)
- Duration
- 2 year
- Value
- £459K
- Sector
- TECHNOLOGY
- Published
- 21 Sep 2022
- Delivery
- 01 Oct 2022 to 30 Sep 2024
- Deadline
- 22 Jul 2022 12:00
Concepts
- computer testing
- andover
- ahe
- provision of army digital services security & vulnerability assessments specialist & technical capability
- vulnerability assessments
- in-service applications
- provision of army digital services security
- security assessments
- army hosting environment
- specialist technical assistance
Location
1 buyer
- MOD Andover
1 supplier
- NCC Group Security Services Manchester
Description
There is a requirement for specialist technical assistance to provide code assisted Vulnerability Assessments (VA) and Penetration Testing (PT) security assessments on both new and in-service applications/infrastructure. Security assessments, PT's and VA's are used to identify vulnerabilities in code and infrastructure (networks, servers, operating systems and applications) that could potentially be exploited. Attackers can be hackers trying to gain access into our network or systems, state sponsored activists or an insider threat. They will aim to either extract information that is held on applications and hosting environments or cause extensive disruption to services. ADS has 2 hosting environments, the Army Hosting Environment (AHE) and Joint Server Farm (JSF). The JSF is accessible from the internet via the Defence Gateway and holds information classified at Official. The AHE holds Official, Secret and Sensitive Personal Information which if extracted would not only be damaging to the Army's reputation, it could jeopardise potential operations. It could also incur fines from the Information Commissioner if there were a breach of personal information. An attack to disrupt any of the services ADS provides would significantly erode the Army's ability to operate, as many of the systems support day to day activities and processes. It is therefore imperative that vulnerabilities are identified and remedied/mitigated to reduce the risk of these occurrences. All new applications expecting to be hosted on the AHE or the JSF must have a vulnerability assessment before being allowed onto the environment to ensure there are no weaknesses which could potentially allow an attacker access to the wider infrastructure and applications. Existing applications, hosting environments and platforms must be VA'd on a rolling programme to ensure any changes do not increase vulnerability and potential for being attacked.
Award Detail
| 1 | NCC Group Security Services (Manchester)
|
CPV Codes
- 72820000 - Computer testing services
Indicators
- Contract is suitable for SMEs.
Other Information
20220921-703103456_0212_RM3764_Order_Form_redacted.docx 20220727-703103456_0212_RM3764_Joint_Schedules_redacted.docx 20220727-703103456_0212_RM3764_Order_Schedules_redacted.docx
Reference
- 703103456
- CF 496afb84-832e-49e2-a8cb-a5b6430f5aa6