The acquisition is necessary following the approval of Emergency Ordinance no. 155/2024 regarding the establishment of a framework for the cybersecurity of networks and information systems in the national civil cyberspace, addressed to organizations in the public and private sectors in certain areas of activity, such as: energy, transport, banking sector, financial market infrastructures, health, and the supply and distribution of drinking water, which provide services considered essential.
Any interested economic operator has the right to request clarifications/additional information regarding the award documentation until the 22nd day before the deadline for submission of offers.
The contracting entity will respond clearly and completely to all requests for clarifications/additional information regarding the award documentation 12 days before the deadline for submission of offers. The contracting entity will not respond to requests for clarifications sent after the established deadline.
Any request for clarifications must be sent in SEAP, signed with an extended electronic signature based on a qualified certificate issued by an accredited certification service provider.

LOT-0000
Default lot.
The acquisition is necessary following the approval of Emergency Ordinance no. 155/2024 regarding the establishment of a framework for the cybersecurity of networks and information systems in the national civil cyberspace, addressed to organizations in the public and private sectors in certain areas of activity, such as: energy, transport, banking sector, financial market infrastructures, health, and the supply and distribution of drinking water, which provide services considered essential.
CNCF “CFR” - SA is registered as an Essential Services Operator in the Register of Essential Services Operators (ROSE) since June 2021, for the sector/subsector Transport/Rail Transport (according to Decision 5620/II/A/ from 23.06.2021 issued by the National Cyber Security Incident Response Center – CERT RO).
Currently, to comply with the provisions of Emergency Ordinance no. 155/2024, the necessary steps have been taken to the National Cyber Security Directorate for the registration of the company in the Register of Essential and Important Entities.
According to current legislation, following the preliminary analysis of the systems and information infrastructures of the company, the following systems have been identified in the category of essential services:
• Railway traffic control and management (supervising and regulating traffic, signaling; traffic planning, train route management) – E11;
 IT system “Train circulation” with components: IRIS – ATLAS – IM, IRIS – CRONOS, IRIS – FOCUS, IRIS – FOCUS – RU, IRIS – CALIPSO, IRIS – INFO – IM, E – TELEX INFOKIOSK, CRONOS VOX, TraficAlert, DRR Maps, Transparency Map Editing, Performance Regime, Accept Scheduling, IMComm, Polifem Constanța, Rates for additional services (T.S.A.), WIMO-IM, Free Tracks.
• Maintenance of railway infrastructure – E 24;
 IT system “Railway infrastructure” with components: IRIS – IMA (MP5i), IRIS – IMA (CFR GIS Map), Web – INSPIRE, IRIS – IMA (WebSCB), IRIS – IMA (WebSIMC), IRIS – IMA (WebSafety), WebEMM, ENTRAC, Annual IT Frame Program / ITP, AVI–GABARITE, e–RINF, ActiveRegister,
 IT system “Management of stocks and tangible fixed assets” with the following components: e–MPS, e–SIGMA, eMiFixe;
• Maintenance of rolling stock (locomotives, cars, etc.) – E 25.
 IT system “Rolling stock” with the following components: IRIS – RSMA (Spear2000), I – PARK.
Quantity: Acquisition of the IT service “Cybersecurity Audit” according to Specifications no. 8/1/1482/04.11.2025.