The district of Uckermark hereby announces the introduction and operation of a comprehensive EDR/MDR solution* for the effective identification and handling of potential cyberattacks. EDR/MDR solution* EDR: Endpoint Detection & Response MDR: Management Detection & Response. The main headquarters of the authority is located in Prenzlau, and additional branches are operated in 3 cities of the district. Connections are realized via VPN. The technical infrastructure can be described as heterogeneous. More than 1,000 employees of the administration use PCs, ThinClients, laptops, tablets, and smartphones for their work. Accordingly, there is also a differentiated operating system landscape of Windows, Linux, Igel OS, Android, and iOS. The administration operates this infrastructure independently. A preliminary inventory revealed a total of approximately 1,500 end devices (clients and servers). Considering future expansions due to increased user and device numbers, a dimension of around 1,750 end devices is projected.

LOT-0001
Cyberattack Security Solution.
An integrated EDR/MDR solution is sought that takes over permanent control of the devices, collects, analyzes, consolidates data, detects real attacks, and addresses them immediately. The solution must make all processes forensically traceable and enable its own research and evaluations. The contract being tendered includes not only the contractual obligations regarding management services but also the delivery of the necessary software products, installation services, maintenance/support, onboarding, as well as training or briefings of the responsible personnel of the district administration. The contractual relationship is based on an EVB-IT contract, which is attached to the tender documents and must be signed by both contracting parties after the award is given. This contract has already been pre-filled by the contracting authority and can be acknowledged here. The service can be offered both as a locally operated solution (on-prem) and as a cloud solution. It is required that the proposed solution is designed according to the specifications of the MITRE ATT&CK Framework. This ensures comprehensive coverage of known attack techniques and tactics as well as a standardized approach to threat detection and defense. Furthermore, the requirements of the DER modules (DER 1 = Detection of security-relevant events) of the Federal Office for Information Security (BSI) must be fully met. This ensures that the solution meets the high security standards that are applicable to public administrations in Germany. This tender is aimed at experienced* service providers who are able to develop and implement a holistic cybersecurity strategy specifically tailored to the needs and requirements of public administration. It is expressly permitted to have the service performed by a subcontractor or partner (capacity loan). It is important that the EDR solution and MDR come from a single source. The mentioned suitability criteria must then be fulfilled by the subcontractor/partner, and the evidence must be provided according to the invitation to tender. The subcontractor/partner and the services they perform must be named in writing. *Providers are considered experienced if they meet the suitability criteria. We place particular importance on a solution that not only reacts to threats but also proactively identifies and addresses potential vulnerabilities. In addition, we expect the service provider to continuously adapt security measures to the ever-evolving threat landscape. The specified service blocks listed in the attachment Performance Description Directory Annex 1 must be offered. The detailed requirements and performance parameters for all components can be found in the attached document Performance Description Directory Annex 2 Performance Parameters.