(by Luca Angelucci, Head of the Aidr Cyber Crime Insurance Observatory) The call for tenders pertaining to IT security in the PA, open to ICT companies for Cybersecurity services, has been published. This is the first tender for the supply of services relating to the IT security of the PA announced by CONSIP. The aim we want to achieve is to equip our PA with tools and services that are essential for the implementation of the projects included in the PNRR as required by the Three-Year IT Plan of the Public Administration.
The initiative - the first of the three planned by Consip in the IT security field - is part of the strategic ICT tenders plan that Consip carries out in implementation of the "Three-year plan for IT in the PA 2020-2022", prepared by Agid and the Ministry technological innovation and digital transition.
The tender - worth a total of 135 million euros - is aimed at awarding a Framework Agreement with several economic operators for a duration of 24 months. The subsequent award will take place through the relaunch of the competitive comparison between the awarded suppliers, following a specific contract.
In practice, the tender will allow PAs to acquire products for the management of security events and accesses, for the protection of email, web and data channels. Under the agreement, PAs will be able to acquire:
- products (Security Information and Event Management; Security Orchestration, Automation and Response; Secure Email Gateway; Secure Web Gateway; Database Security; Data Loss Prevention; Privileged Access Management; Web Application Firewall);
- services (installation and configuration; training and coaching; maintenance; contact center and help desk; client hardening; specialist support);
- additional services (hardening on other systems; data assessment; Privileged Account Assessment; professional services provided by the vendor; incident response).
The tender was developed taking into account the rapidly evolving regulatory context, with the entry into force of Law 133/2019 (Urgent provisions regarding the perimeter of national cyber security) and the implementing decrees, in particular Legislative Decree 82/2021 ( Urgent provisions on cybersecurity, definition of the national cybersecurity architecture and establishment of the National Cybersecurity Agency).
The initiative also incorporates the provisions of the recent Legislative Decree 77/2021 "Governance of the National Recovery and Resilience Plan and first measures to strengthen administrative structures and accelerate and streamline procedures", to allow Administrations to purchase products / cybersecurity services they need for the implementation of PNRR projects.
Companies operating in the sector of supplies and services related to ICT security will be able to participate in the tender: the deadline for receiving offers is July 19, 2021.