The NSW Department of Customer Service (DCS) is seeking a managed security provider to deliver 24/7 monitoring of its centralised security platform, marking a significant expansion of the state's cyber defence capabilities.
A tender for a three-year contract, with options for two one-year extensions, calls for a hybrid Security Operations Centre (SOC) model to augment DCS's existing in-house team that currently only operates during business hours.
The successful vendor will need to monitor Microsoft Sentinel, the department's primary security information and event management (SIEM) platform.
Sentinel serves multiple agencies through a service provider model under the DCS Chief Information Security Office.
Any vendor must have experience in providing similar services in Australia and/or other Five Eyes government entities, the tender documents state.
Key requirements include 24/7 threat monitoring, incident investigation, automated response to low-priority incidents, and security engineering services.
A successful tenderer must also assist with building analytics, developing use cases, and mapping incidents to the MITRE ATT&CK framework.
Furthermore, the tender demands "complete visibility" with no "black box" components, ensuring both DCS and vendor teams have full access to detection logic and analyst activities.
The successful bidder must maintain ISO 27001 certification and ensure all personnel have baseline Australian security clearances. They will also need to participate in tabletop exercises and provide detailed post-incident reports for major security events.
The vendor will be required to provide a Tier 3 analyst during business hours to guide security analysts and drive continuous SOC improvements.
They must also monitor multiple data connectors' health and resolve any performance issues while optimizing platform costs.
Monthly reporting requirements include executive summaries, cyber threat dashboards, security incident trending, and service level performance metrics.
The tender forms part of DCS's broader security strategy to protect both its GovConnect and Digital Islands environments, with vendors required to propose their own service level agreements and rebate policies.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
