This procurement aims to establish services and solutions for Cybersecurity:
- Lot 1: Complementary "on-prem" protection solutions to existing systems;
- Lot 2: Pentest services, recurring vulnerability scans, and system and network administrator assistance services;
- Lot 3: Cyber GRC Software;
- Lot 4: EPP/EDR/XDR software + SOC services;
- Lot 5: Identity management software in Active Directory and Bastion software;
- Lot 6: Awareness and phishing software;
- Lot 7: Immutable backups under Veeam;
- Lot 8: Backup and archiving of MDaemon mailboxes;

LOT-0001
Complementary "on-prem" protection solutions to existing systems.
This lot is based on the evolution of existing perimeter and internal security solutions from Fortinet.
It includes adding:
- An email protection software;
- Perimeter firewall boxes for all remote sites, along with a centralized administration solution;
- An NAC software for 800 devices;
- 12 secure Wi-Fi access points for the headquarters;

LOT-0002
Pentest services, recurring vulnerability scans, and system and network administrator assistance services.
The CIVIS wishes to entrust a specialist in Pentesting or intrusion testing to assess the security of the information system. The services will be conducted by simulating real attacks to identify security vulnerabilities, assess their impacts, and propose solutions to correct them. These services will use a combination of automated tools and manual techniques to explore and exploit vulnerabilities. The process will include reconnaissance, analysis, exploitation of flaws, and post-exploitation stages. Testing methods must be adapted to the responses of systems to allow for a thorough and realistic evaluation.

LOT-0003
Cyber GRC Software.
The CIVIS aims to establish a Governance, Risk, and Compliance solution for Cybersecurity (Cyber GRC) to organize the activities of the CISO.

The solution must be a SaaS solution in CAPEX mode anticipated over 3 years.

It should enable the organization of the security governance of the CIVIS information system through a combination of processes ensured and executed by the governing body. It must facilitate risk management that could hinder the achievement of CIVIS's objectives. Lastly, it should manage compliance with the policies, procedures, laws, and regulations of CIVIS (NIS2).

LOT-0004
EPP/EDR/XDR software + SOC services.
The CIVIS aims to establish a Governance, Risk, and Compliance solution for Cybersecurity (Cyber GRC) to organize the activities of the CISO.

The solution must be a SaaS solution in CAPEX mode anticipated over 3 years.

It should enable the organization of the security governance of the CIVIS information system through a combination of processes ensured and executed by the governing body. It must facilitate risk management that could hinder the achievement of CIVIS's objectives. Lastly, it should manage compliance with the policies, procedures, laws, and regulations of CIVIS (NIS2).

LOT-0005
Identity management software in Active Directory and Bastion software.
The CIVIS aims to establish a Governance, Risk, and Compliance solution for Cybersecurity (Cyber GRC) to organize the activities of the CISO.

The solution must be a SaaS solution in CAPEX mode anticipated over 3 years.

It should enable the organization of the security governance of the CIVIS information system through a combination of processes ensured and executed by the governing body. It must facilitate risk management that could hinder the achievement of CIVIS's objectives. Lastly, it should manage compliance with the policies, procedures, laws, and regulations of CIVIS (NIS2).

LOT-0006
Awareness and phishing software.
The CIVIS aims to implement a Cyber risk awareness solution for its agents to enhance the corporate culture in Cybersecurity and help staff more easily detect phishing attempts.

LOT-0007
Immutable backups under Veeam.
To protect the information system's disk backups against ransomware, the CIVIS aims to implement a solution for immutable backups under Veeam Backup, the solution currently used for disk backups.

This solution should provide a backup whose data will be fixed, unchangeable, never deletable, encrypted, or modified. This immutable backup will be essential to ensure recoverable and protected data against natural or human disasters, particularly against ransomware and other cybercrimes.

LOT-0008
Backup and archiving of MDaemon mailboxes.
Since the corporate messaging system is critical to the functioning of the CIVIS, it aims to implement a backup and archiving solution for its MDaemon messaging system.

This solution must be flexible, independent of the messaging solution, and non-intrusive to adjust to any changes in messaging.