This framework agreement is a service contract aimed at designating a service provider for the establishment of a structure for the prevention, detection, management, and coordination of responses to cybersecurity incidents that may impact the IT services of the contracting authority (SOC service).

The main functions of prevention, detection, and response to cybersecurity incidents within the SPW will include several distinct dimensions:
• The execution of SOC functions related to SPW systems within the defined scope (covered systems);
• Coordination with the SOCs of other operators working for the SPW. This may include, but is not limited to: one or more operators hosting SPW assets in a “Cloud” and/or one or more operators acting as security service providers (known in the cybersecurity sector as “MSSP”) and/or offering a SOC service function (“SOCaaS”) for certain “Cloud” services (e.g., “SaaS”);
• Interaction with other SOC-CERT-CSIRT centers (e.g., the federal CCB).

The activities conducted by the SOC include:
- Assistance in identifying assets and mapping flows
- Assistance in prioritizing assets to be monitored
- Supervision of the security of the SPW Cloud assets
- Prevention of security incidents: assistance in vulnerability management
- Prevention of security incidents: cyber threat analysis
- Detection and analysis of security incidents
- Response to security incidents
- Compliant collection and secure preservation of formal evidence
- Behavioral analysis of individuals and entities (“EUBA”)
- Analysis of stored data (“Security Data Lake Analysis”)
- Assistance in simulating cybersecurity crises
LOT-0001
1
2025-S2300042-003_2026M139.