Cabinet Office to ‘fill gaps’ in vulnerability scanning of technology
New deal covers 13,500 end-user and on-site devices, AWS accounts and public-facing domains
Credit: Willi Heidelbach/Pixabay
The Cabinet Office has awarded a £438,488 contract for a cloud-based vulnerability exposure platform, allowing it to look for cybersecurity weaknesses across its technology infrastructure.
According to the statement of requirements published with the contract-award notice, the department’s cyber security team has been using an on-premises vulnerability scanner which could only assess public-facing domains and included “a very small number of licences” for US firm's specialist Tenable’s exposure management platform.
The new service – also based on Tenable technology, under licence from IT reseller Softcat, for up to two years – will be able to assess around 15,000 asset across the Cabinet Office, including Government Digital Service. This includes 12,500 end-user devices, 1,000 on-site physical devices, 1,000 Amazon Web Services accounts and 300 public-facing domains.
- EXCL: Cabinet Office alerted to data breach – and fails to respond for 10 days
- Revealed: Cabinet Office signed deal last month for ‘immediate cyber incident response’
- Government’s cyber plan delivers ‘a complete revolution in how we provide assurance’
The statement of requirements said that this will support the Cabinet Office’s aim of developing vulnerability management “beyond MVP” (minimum viable product) and “where appropriate, fill in the remaining gaps that exist with our existing capabilities”.
The document said that only 5,000 assets will be included within the first year of the contract, with the full number reached in the second year. It also estimated that the contract would rather than in mid-March.
A quotation from Softcat for the work, produced on 26 January and also published with the contract award notice, shows that the service will use Tenable One Enterprise and that Softcat offered a two-year price of £302,321.
Share this page
CONTRIBUTIONS FROM READERS
Please login to post a comment or register for a free account.
Minister reveals up more than £4m spent on testing, security and other support contracts
Authorities have complained about the lack of time taken to be notified by IT firm and wrongly being told personal data was not put at risk
Authority claims it is taking ‘swift and decisive action’ in response to incident it claims affected several councils
Department invests in technology from specialist start-up
Related Sponsored Articles
The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...