Greece-Maroussi: Support Services in Relation to the EU Cybersecurity Certification Framework
Section I: Contracting authority
Section II: Object
Support Services in Relation to the EU Cybersecurity Certification Framework
The requested services shall cover ENISA’s activities in the area of drafting cybersecurity certification schemes.
— addressing internal market as well as international aspects concerning market, organisational, technical and legal aspects,
— analysis of market sectors likely to benefit from cybersecurity certification including:
—— market requirements for certification schemes from the perspective of users, service providers and technology providers;
—— key factors for ensuring market acceptance and non-discriminatory market access;
—— existing national schemes, their market position and potential areas for improvement;
—— potential synergies with CSA-conformant certification schemes for other market sectors.
— market studies on take up of cybersecurity certification schemes,
— research and documentation of market aspects of certification,
— support for preparation and implementation of sector-specific risk assessments.
We expect tenderers to have expertise and knowledge in several of the following areas:
— relevant EU legislation, in particular CSA and the regulatory framework in the European and international market,
— the European ICT market, sectorial domains and their ICT services; major stakeholders and their roles and business objectives, position in the international market, and dependencies on non-European service or technology providers,
— typical sector-specific requirements for the evaluation and certification of ICT products, existing certification schemes and their position in the relevant market sectors,
— typical system architectures for ICT services and involved ICT products,
— typical attack vectors and the capabilities of different types of potential attackers,
— risk assessment standards (e.g. ISO/IEC 27005) and current work undertaken by related standardization bodies,
— practical experience in carrying out risk assessments,
— ICT product security evaluation and certification schemes (e.g. CC/SOGIS-schemes, EMVCo, FIDO) and related standards,
— ISMS evaluation and certification based on the ISO/IEC 27000 series of standards,
— definition and implementation of evaluation and certification schemes,
— generation of protection profiles, security targets,
— enabling and managing evaluation labs, quality assurance processes for evaluation labs,
— validation of evaluation results and issuing certificates,
— collecting stakeholders’ requirements, aggregating and documenting different opinions and viewpoints,
— generating technical documentation.
Various specific contracts based on the annual ENISA Work Programme will be launched periodically to the successful framework contractors based on the ‘Reopening of Competition’ procedure. Depending on the needs of the contracting authority and budget availability, this overall budget could be increased by up to 50 % by using a ‘negotiated procedure without prior publication of a contract notice’.
The ensuing framework contracts will be for an initial 12-month period, renewable on a yearly basis up to a maximum of 4 years.
Section III: Legal, economic, financial and technical information
As stated in the procurement documents.
Section IV: Procedure
ENISA Athens office, Vasilissis Sofias Street 1, 151 24 Maroussi, Attiki, GREECE.
A maximum of 1 legal representative per participating tenderer may attend the opening session. Tenderers shall inform the Agency in writing of their intention to attend by email to ‘email@example.com’ at least 2 working days prior to the opening session. Failing that, the contracting authority reserves the right to refuse access to its premises.
Section VI: Complementary information