The Brandenburg IT Service Provider (ZIT-BB) is the central IT service provider of the Brandenburg state administration. The extensive portfolio of tasks includes, among other things, the planning, control and operation of the technical infrastructure of the supreme state authorities and their subordinate authorities and institutions as well as the coordination and support of IT procedures and cross-departmental cross-sectional procedures.

The ZIT-BB is divided into 4 business areas (GB):

- AR 1: Customer management, internal cross-sectional tasks, management of the state population register as a registration authority, inspection body for special authority mailboxes

- AR 2: Centres of excellence, procedures, IT security

- AR 3: User service, service planning and control, police IT

- GB 4: Infrastrukturbetrieb

Department 2.1 is home to the Competence Center IT Security, CERT, Standardization, which is the central organizational unit for the "creation and implementation planning of security concepts".

The security concepts are documented and managed in the security information system (IT procedure SIS) of the Brandenburg State Administration. The product "verinice" is used as a basic protection tool.

Basically, a distinction is made between IT infrastructure (operated by ZIT-BB) and IT procedures. The IT infrastructure includes the data center, all IT systems, networks and central applications. From the security concepts of the IT procedures, reference is made to the IT infrastructure used in each case. As a result, the processes for updating the security concepts for IT procedures and the IT infrastructure can be decoupled and the demand for up-to-dateness can be guaranteed automatically at all times.

In order to differentiate between the security concept for the IT infrastructure and the security concepts of the IT procedures, a state-wide guideline (responsibilities in the security concept) was developed and adopted. It serves as the basis for the creation of security concepts in the state administration of Brandenburg.

An information security management system (ISMS) has been set up and integrated in the ZIT-BB. The procedure in the security process is the standard safeguard.

By means of this EU-wide tender, a maximum of five bidders are to be identified for the conclusion of a framework agreement. This framework agreement is the basis for the limited award of subsequent individual contracts. In the individual orders, services can be commissioned in the context of security concepts.

The services are called up by the client (client). Further details on the subject matter of the service are regulated in the service description Part B.

As part of the provision of services for the individual orders, the tasks described below must be performed and delivery objects must be processed.

Tasks

- Creation and updating of security concepts of IT procedures to be adopted or adopted by the ZIT-BB from the Brandenburg state administration

- Introduction and updating of IT procedures of the ZIT-BB, in particular for the management of the IT infrastructure

- Updating the security concept for the IT infrastructure, in particular in the case of:

o Technological development

o Update of the Basic Protection Compendium by the BSI

Deliverables in a verinice-compatible format

-Structural analysis

- Schutzbedarfsfeststellung

-Modeling

- IT-Grundschutz-Check

-Risk analysis

- Umsetzungsplanung

The task and delivery objects are presented in detail in the individual call-offs and are therefore not exhaustive.