Information

Tender reference number	ENISA F-COD-19-T13
Title	Supporting Cybersecurity for Transport Sector Activities
Description	ENISA seeks to contract the services of a minimum of 2 and maximum of 5 service providers per lot which can provide support in the area of Cybersecurity for the Transport sector. The two main areas are: LOT 1 - Cybersecurity for the Maritime sector and LOT 2 - Cybersecurity for the RAILWAYS sector.The successful bidders should be able to demonstrate significant experience and skills in these areas, with emphasis on the aspects dealt with in the annual ENISA Work Programme.
Contract type	Services
Procedure type	Open procedure
Status	Closed
Published on TED
Submission Method	Electronic
Tenders may be submitted	All lots
Maximum number of lots
Information about a public contract, a framework agreement or a dynamic purchasing system (DPS)	Framework agreement
Address of the buyer profile: (URL)

Conditions for participation

Suitability to pursue the professional activity, including requirements relating to enrolment on professional or trade registers	As stated in the procurement documents
Economic and financial standing - List and brief description of selection criteria	Selection criteria as stated in the procurement documents
Economic and financial standing- Minimum level(s) of standards possibly required	Selection criteria as stated in the procurement documents
Technical and professional ability - List and brief description of selection criteria	Selection criteria as stated in the procurement documents
Technical and professional ability - Minimum level(s) of standards possibly required	Selection criteria as stated in the procurement documents

Milestones

TED publication date	06/03/2019 00:00
Question deadline	25/03/2019 22:59 UTC+01:00
Answer deadline	26/03/2019 22:59 UTC+01:00
Time limit for receipt of tenders	01/04/2019 18:00
Conditions for opening tenders (date)	02/04/2019 10:00

Lots

Lot number	Title	Description
Lot 1	Cybersecurity for the Maritime Sector	We expect tenderers to have expertise and knowledge on the following topics:1) Policy and regulatory issues related to the resilience of critical infrastructures and services as well as Maritime cybersecurity at national, European and International (e.g. IMO) level;2) Network and information security of Maritime infrastructures and services;3) Working with maritime sector stakeholders/organisations such as, though not limited to, ports (including port authorities, port facilities, terminals etc.), shipping companies, vessel traffic services, national maritime authorities, classification societies etc.;4) Risk management practices/methodologies, regulations, standards, guidelines, good practices specific to the maritime sector (e.g. ISPS);5) ICS-SCADA security issues e.g. OT security, IT/OT convergence etc.;6) Essential service (transport sector) operations and security practices and knowledge of the regulatory framework e.g. NIS Directive, the GDPR etc.;7) CIIP and/or Maritime security good practice guidelines and standards e.g. ENISA good practice guides, IEC 62443, ISO 27001, ISO 27002, ISO 27019, BIMCO guidelines, NERC CIP standards, ANSI/ISA 99 etc.;8) Network and information security issues e.g. internet and web security, cryptography, testing, security management etc.;9) Infrastructure security and resilience and CIIP issues like Public Key Infrastructures (PKI) and core protocols e.g. BGP, DNS etc.
Lot 2	Cybersecurity for the Railways Sector	We expect tenderers to have expertise and knowledge on the following topics:1) Ecosystems of Rail sector namely of the operators of essential services (as described in Annex II) of the NIS Directive: railway undertakings and infrastructure managers;2) Rail security issues e.g. OT security, IT/OT convergence, etc.;3) Policy and regulatory issues related to the resilience of critical infrastructures and services as well as Railway cybersecurity at national and/or European level;4) Essential service (transport sector) operations and security practices and knowledge of the regulatory framework e.g. NIS Directive, the GDPR, the EU Mobility Packages;5) CIIP good practice guidelines and standards e.g. ENISA good practice guides, Shift2Rail activities, CEN CENELEC SC9X, ETSI TC CYBER, Directives on Safety and Interoperability for Rail etc.;6) Network and information security of Railway infrastructures and services;7) Policy and regulatory issues related to the resilience of critical infrastructures and services as well as Railway cybersecurity policies at national and/or European level;8) Network and information security issues e.g. internet and web security, cryptography, testing, security management etc.;9) Infrastructure security and resilience and CIIP issues like Public Key Infrastructures (PKI) and core protocols e.g. BGP, DNS etc.;10) Internet operations in network and security management for large network providers and Internet Exchange Points.

Notices

Reference	Notice type	Publication date
2019/S 046-104543	Contract notice	06/03/2019 00:00