The purpose of this contract is to establish cybersecurity services and solutions:
LOT-0001
On-prem protection solutions complementary to existing ones.
This lot is based on the evolution of existing Fortinet perimeter and internal security solutions.
It involves adding:
LOT-0002
Pentest services, recurring vulnerability scanning, and systems and networks administrator support services.
CIVIS wishes to entrust a specialist in pentests or intrusion tests with assessing the security of its information system. The services will be performed by simulating real attacks to identify security vulnerabilities, evaluate their impacts, and propose solutions to correct them. They will be carried out using a combination of automated tools and manual techniques to explore and exploit vulnerabilities. The process will include steps of reconnaissance, analysis, exploitation of vulnerabilities, and post-exploitation. The testing methods must be adapted to the response of the systems to allow for a thorough and realistic assessment.
LOT-0003
Cyber GRC software.
CIVIS aims to implement a Governance, Risk, and Compliance solution for Cybersecurity (Cyber GRC) to organize the activities of the CISO.
The solution must be a SaaS solution in CAPEX mode, anticipated over 3 years.
It should facilitate the organization of the governance of CIVIS's information systems security through a combination of processes ensured and executed by the governing body. It should also enable the management of risks that could hinder the achievement of CIVIS's objectives. Lastly, it must provide for the management of compliance with the policies, procedures, laws, and regulations of CIVIS (NIS2).
LOT-0004
EPP/EDR/XDR software + SOC services.
CIVIS aims to establish a Governance, Risk, and Compliance solution for Cybersecurity (Cyber GRC) to organize the activities of the CISO. The solution must be a SaaS solution in CAPEX mode, anticipated over 3 years. It should facilitate the organization of the governance of the security of the information systems of CIVIS through a combination of processes ensured and executed by the governing body. It should also enable the management of risks that could hinder the achievement of CIVIS's objectives. Lastly, it must provide for the management of compliance with the policies, procedures, laws, and regulations of CIVIS (NIS2).
LOT-0005
Identity management software in Active Directory and Bastion software.
CIVIS wishes to implement a Governance, Risk, and Compliance solution for Cybersecurity (Cyber GRC) to organize the activities of the CISO. The solution must be a SaaS solution in CAPEX mode, anticipated over 3 years. It should facilitate the organization of the governance of the security of the information systems of CIVIS through a combination of processes ensured and executed by the governing body. It should also enable the management of risks that could obstruct the achievement of CIVIS's objectives. Lastly, it must facilitate the management of compliance with the policies, procedures, laws, and regulations of CIVIS (NIS2).
LOT-0006
Awareness and phishing software.
CIVIS aims to implement a cyber risk awareness solution for its employees to improve the corporate cybersecurity culture and help staff detect phishing attempts more easily.
LOT-0007
Immutable backups under Veeam.
To protect disk backups of the information system against ransomware, CIVIS wishes to establish a solution for immutable backups under Veeam Backup, the solution currently used for disk backups.
This solution should allow creating a backup whose data is fixed and unchangeable, and can never be deleted, encrypted, or altered. This immutable backup will be essential to ensure that data is always recoverable and protected against natural or human disasters, particularly against ransomware and other cybercrimes.
LOT-0008
Backup and archiving of MDaemon mailboxes.
As the corporate messaging system is critical to the functioning of CIVIS, CIVIS wishes to establish a backup and archiving solution for its MDaemon messaging.
This solution should be flexible, independent of the messaging solution, and non-intrusive to it, so as to adapt to any change in messaging systems.