Closed

One network Penetration test

Tender ID: 583299

Tender Details

Organisation:
National Indigenous Australians Agency (NIAA)
Tender #:
PCS-01948  
Status:
Closed
Publish Date:
11 April 2025
Closing Date:
9 May 2025

Tender Description

This Tender is invited by the Issuer.

The National Indigenous Australian Agency (NIAA) is seeking a qualified supplier to deliver a black box penetration testing service (Pen test) targeting externally facing assets within our ONET and OneNetwork cloud environments, hosted on Microsoft Azure Cloud Platform under the Agency's INCLD (Indigenous Cloud) tenancy.

NIAA has recently implemented a new cloud-based ICT environment and Microsoft 365 services. This pen test is intended to confirm the security state of NIAA's Cloud network, identify any vulnerabilities for remediation, and support future enhancements to strengthen the Agency's overall security posture.

The engagement is being delivered in close collaboration with the Department of the Prime Minister and Cabinet (PM&C), which provides shared services to NIAA, including cyber security, network management and infrastructure support. PM&C will support the testing process by providing technical parameters, such as in-scope IP addresses, assets and exclusions, and by assisting with testing oversight and coordination.

Testing will focus on externally facing systems only, following a black box approach with no internal access or prior knowledge granted to the vendor. Testing must be non-disruptive and conducted within the defined timeframes and constrains.

Key deliverables include:

  • Participate in a kick-off meeting and confirmation of scope, boundaries and testing constraints
  • Execution of Black Box testing on externally accessible assets
  • Timely reporting of critical vulnerabilities
  • Delivery of a final pen test report with findings, risk rations and remediation advice
  • A final review meeting to reflect on lessons learned and next stages

Suppliers must have demonstrated experience delivering similar services to Government Agencies and hold relevant certifications (E.g. CREST, IRAP, OSCP). All work must align with the ASD Essential Eight, PSPF and ACSC Information Security Manual (ISM).

Estimated start date: Monday, 26 May 2025

Initial contract duration: 2 months

Extension term: Other

Extension term details: 2 x two (2) months extensions

Number of extensions: Buyer has not provided these details

Location of work: ACT

Working arrangements: Hybrid

Location

Australian Capital Territory  

Category

Information & Communication Technology   :   IT Security Services   :   IT Services  
Icon
Interested to find more tenders relevant to you and your business? You can try our advanced tender search today.