Privilege Access Management PoC
A Tender Notice
by MINISTRY OF JUSTICE
- Source
- Contracts Finder
- Type
- Contract (Services)
- Duration
- 3 month
- Value
- ___
- Sector
- TECHNOLOGY
- Published
- 14 Apr 2022
- Delivery
- 02 May 2022 to 29 Jul 2022
- Deadline
- 22 Apr 2022 13:00
Concepts
Location
1 buyer
- Ministry of Justice London
Description
Opportunity Outline: PAM (Privileged Access Management) is an additional security measure that can be placed in front of a system administration interface. Her Majesty's Courts and Tribunals Service (HMCTS) intend to run a pro bono proof of concept (POC) process to better understand how PAM can help protect the department. What is PAM: PAM is based on two central concepts: Just in time Administration and Just enough Administration. Just in time Administration: No assumed access is granted; Request access must be made. A Temporary credential is given to the system administrator through workflow. Just enough administration: Just enough Administration is another way of describing the concept of least privilege. Benefits of PAM: It will make it more difficult for an attacker to pivot into critical services, from an already compromised management access workstation. It will introduce an additional source of auditing, making it easier to identify misuse of administration interfaces. This will act as a strong deterrent against the insider threat, where a legitimate system administrator may consider abusing their access. It will introduce additional guard rails to help system administrators. They will hold less responsibility to protect their access credentials. It will help protect them from accidentally making unintended changes. Privilege Access Management would be an Enterprise level initiative covering all business areas that are part of the strategic roadmap, however the initial focus is on two groups within HMCTS. This contract opportunity only covers the pro bono POC. Hence, it will be for a pro bono contract. Proof of Concept: HMCTS wish to run one POC with two suppliers, to understand if a third-party security tool would be of any benefit to HMCTS systems. The POC is envisioned to last up to 3 months and be carried out asap. High Level Requirements to be used for the POC: The Key requirements that operate as a baseline for mitigation of the Cyber risks are: Just-in-time Administration Request access - workflow Approval process Just enough Administration (Least privilege) Full system level/ global admin privilege should be an exception Definition of role-based access management Strong logging and auditing Logging keystrokes which could leverage behavioural analytics Session recording Centralisation Policy management and roll out Reporting / metrics - BI Based Periodical user entitlement reviews
CPV Codes
- 48732000 - Data security software package
Indicators
- Contract is suitable for SMEs.
Other Information
Further information available, please email: CCMD-DandTSupplierInbox@justice.gov.uk n/a Contracts Finder FOC POC Opportunity April 2022 V1.0.pptx
Reference
- tender_303080/1064071
- CF 2ff8ab9e-885c-4b5f-8508-e66147d07976