The subject of the performance of the public procurement (hereinafter referred to as "public procurement") is the delivery of software, hardware, and related services aimed at enhancing the cybersecurity of the assets of the Municipal Office of Prague 11, that is, its information systems, including the information managed therein.

This Delivery will consist of the following:

1) NDR, Sandbox, honeypots
- NDR is a security technology focused on monitoring, analyzing, and responding to suspicious activities in network traffic. Using advanced techniques such as machine learning, behavioral analysis, and network traffic analysis, NDR identifies anomalies that may indicate the presence of malicious activity, such as attempts at lateral movement, data exfiltration, or communication with C2 servers.
- Sandbox is a virtualized or emulated environment in which suspicious files, programs, or links can be safely executed without risking the production system. It allows for detailed observation of the behavior of the activated object – whether it attempts to change system files, connect to a remote server, install malware, etc.
- A honeypot is an intentionally unprotected or partially vulnerable system that mimics real targets on the network. It serves to lure attackers, monitor their techniques, and gather information about new attack methods. Honeypots can be deployed for research purposes, early-stage attack detection, or as part of active defense.

2) Endpoint system EDR
- EDR (Endpoint Detection and Response) enhances the ability to identify, monitor, and respond to suspicious activities on endpoints such as workstations, servers, and mobile devices. This type of security solution enables real-time monitoring of application, process, and user behavior and alerts to potential anomalies or dangerous actions. As a result, the security team can quickly identify new, unknown threats and take necessary steps to stop them.

3) Servers
- 4 pcs of servers. Server hardware to ensure the operation of virtualized servers/applications. The overall hardware solution must provide sufficient resilience for hardware failure of individual nodes and sufficient performance for the operation of required systems.

4) Disk array/storage
- Storage refers to specialized storage systems for efficient and effective data management and storage. Among other things, they serve as storage for individual virtual servers. Connection via Fibre Channel ports. Architecture: modular, at least dual-controller all-flash disk array active-active design, the solution must form a cohesive unit with proven interoperability, single supported SLA, and one responsible integrator; the contracting authority also accepts multi-vendor solutions if they meet all requirements and provide demonstrable evidence of compatibility and unified support. Minimum 64 GB of RAM. The capacity of the installed disk pool must be at least 24 TB of usable binary capacity (in case of using single disk failure protection) without accounting for deduplication, compression, and other reduction mechanisms.

The subject of the public procurement also includes services related to the above-mentioned Delivery, its implementation including the provision of support, which involves services in the following scope and of the following nature:
a) transportation, installation, initial initialization of HW and SW at the contracting authority's premises;
b) provision of all related documentation for HW and SW;
c) training of the client's ICT administrators according to the scope of the Contract;
d) provision of basic support for all parts of HW and SW tools and provision of other related operational services, all for a period of 60 months from the date of delivery installation;
e) provision of extended support for all parts of HW and SW tools and provision of other related operational services, all for a period of 60 months from the date of delivery installation.

The subject of the public procurement also includes documentation of the actual performance of the contract, containing at least:
- a description of the implemented solution (including screenshots confirming the deployment of SW tools and photographic documentation of installed HW tools);
- the timeline of real implementation;
- conducted training, including attendance lists;
- product documentation (or a list and the documentation itself in separate attachments);
- the manner of meeting the cybersecurity requirements during the implementation phase, see attachment no. 3 of the Contract;
- all mutually signed acceptance protocols.

Expected IT infrastructure:

Number of users: 270
Expected number of email accounts: 400
Expected number of endpoints (PC/Laptop): 350
Expected number of mobile phones: 100
Expected number of virtual servers (WIN): 50
Expected number of virtual servers (LNX): 2

A detailed specification of the subject of the public procurement, including technical conditions in detail necessary for proposal preparation, is provided in the appendices to this procurement documentation.

LOT-0001
Enhancing the cybersecurity of information systems of the Municipal Office of Prague 11 – Phase 1.
The subject of the performance of the public procurement (hereinafter referred to as "public procurement") is the delivery of software, hardware, and related services aimed at enhancing the cybersecurity of the assets of the Municipal Office of Prague 11, that is, its information systems, including the information managed therein.

This Delivery will consist of the following:

1) NDR, Sandbox, honeypots
- NDR is a security technology focused on monitoring, analyzing, and responding to suspicious activities in network traffic. Using advanced techniques such as machine learning, behavioral analysis, and network traffic analysis, NDR identifies anomalies that may indicate the presence of malicious activity, such as attempts at lateral movement, data exfiltration, or communication with C2 servers.
- Sandbox is a virtualized or emulated environment in which suspicious files, programs, or links can be safely executed without risking the production system. It allows for detailed observation of the behavior of the activated object – whether it attempts to change system files, connect to a remote server, install malware, etc.
- A honeypot is an intentionally unprotected or partially vulnerable system that mimics real targets on the network. It serves to lure attackers, monitor their techniques, and gather information about new attack methods. Honeypots can be deployed for research purposes, early-stage attack detection, or as part of active defense.

2) Endpoint system EDR
- EDR (Endpoint Detection and Response) enhances the ability to identify, monitor, and respond to suspicious activities on endpoints such as workstations, servers, and mobile devices. This type of security solution enables real-time monitoring of application, process, and user behavior and alerts to potential anomalies or dangerous actions. As a result, the security team can quickly identify new, unknown threats and take necessary steps to stop them.

3) Servers
- 4 pcs of servers. Server hardware to ensure the operation of virtualized servers/applications. The overall hardware solution must provide sufficient resilience for hardware failure of individual nodes and sufficient performance for the operation of required systems.

4) Disk array/storage
- Storage refers to specialized storage systems for efficient and effective data management and storage. Among other things, they serve as storage for individual virtual servers. Connection via Fibre Channel ports. Architecture: modular, at least dual-controller all-flash disk array active-active design, the solution must form a cohesive unit with proven interoperability, single supported SLA, and one responsible integrator; the contracting authority also accepts multi-vendor solutions if they meet all requirements and provide demonstrable evidence of compatibility and unified support. Minimum 64 GB of RAM. The capacity of the installed disk pool must be at least 24 TB of usable binary capacity (in case of using single disk failure protection) without accounting for deduplication, compression, and other reduction mechanisms.

The subject of the public procurement also includes services related to the above-mentioned Delivery, its implementation including the provision of support, which involves services in the following scope and of the following nature:
a) transportation, installation, initial initialization of HW and SW at the contracting authority's premises;
b) provision of all related documentation for HW and SW;
c) training of the client's ICT administrators according to the scope of the Contract;
d) provision of basic support for all parts of HW and SW tools and provision of other related operational services, all for a period of 60 months from the date of delivery installation;
e) provision of extended support for all parts of HW and SW tools and provision of other related operational services, all for a period of 60 months from the date of delivery installation.

The subject of the public procurement also includes documentation of the actual performance of the contract, containing at least:
- a description of the implemented solution (including screenshots confirming the deployment of SW tools and photographic documentation of installed HW tools);
- the timeline of real implementation;
- conducted training, including attendance lists;
- product documentation (or a list and the documentation itself in separate attachments);
- the manner of meeting the cybersecurity requirements during the implementation phase, see attachment no. 3 of the Contract;
- all mutually signed acceptance protocols.

Expected IT infrastructure:

Number of users: 270
Expected number of email accounts: 400
Expected number of endpoints (PC/Laptop): 350
Expected number of mobile phones: 100
Expected number of virtual servers (WIN): 50
Expected number of virtual servers (LNX): 2

A detailed specification of the subject of the public procurement, including technical conditions in detail necessary for proposal preparation, is provided in the appendices to this procurement documentation.