Development of System Security Plan
Tender ID: 573201
Tender Details
Tender Description
This Tender is invited by the Issuer.
Requirements
Background
AUSTRAC has engaged a vendor to replace its current Secure Internet Gateway (SIG). The existing SIG follows a legacy centralised physical data centre model with user traffic traversing the centralised SIG regardless of the user’s location. A distributed security model is preferred to evolve effectively consumed cloud hosted services and a suit a mobile work force.
As the front line of external facing access to AUSTRAC systems, it is essential that it is modernised by utilising cloud technologies whilst complying with the applicable Essential 8 requirements. The new SIG offering will provide ‘direct to cloud’ services for AUSTRAC, in line with the organisation’s adoption of SaaS, PaaS and IaaS services.
Architected in a highly available fashion, the SIG will leverage public cloud regions to reduce the risk of service disruption to public facing and outbound internet services that are critical to AUSTRAC’s business continuity.
Requirement
As part of this change AUSTRAC have a requirement to migrate an existing external DMZ from Verizon to AUSTRAC which requires assurance.
We are seeking a vendor to provide;
- System Security Plan (SSP), SSP Annex (Statement of Applicability (SoA) and Security Risk Management Plan (SRMP) for AUSTRAC’s External DMZ which includes AUSTRAC managed on premises perimeter firewalls, configuration of external DMZ and supporting services to the extent that they comprise the internet gateway environment.
- System Security Plan (SSP), to provide confirmation and verification of Cynterra’s Secure Cloud Platform offering ensuring that it has been assessed at the PROTECTED level in accordance with the Protective Security Policy Framework (PSPF).
The development of this outcome will be done in collaboration with AUSTRAC resources.
Clearance required: Yes, NV1