Service NSW has released a tender for a comprehensive cloud security solution to protect its applications across multiple cloud environments.
The government agency requires a Cloud-Native Application Protection Platform (CNAPP) that will secure its digital infrastructure spanning hybrid and multi-cloud setups.
A selected vendor must provide a solution covering vulnerability management, cloud security posture management, runtime protection, and compliance monitoring.
A platform that integrates seamlessly with its existing security infrastructure while supporting Service NSW's specific PaaS environment is what the agency is after.
A key requirement is compatibility with VMware Tanzu, specifically Tanzu Platform for Cloud Foundry 4.0, which forms the backbone of Service NSW's platform-as-a-service (PaaS) environment.
The successful bidder must deliver technology that addresses multiple security aspects, including artifact scanning, runtime protection, identity access management, and threat detection.
The platform will need to provide built-in compliance checks for several frameworks including CIS, NIST, PCI, ISO 27001, GDPR, and SOC 2.
Integration capabilities feature prominently in the requirements, with mandatory integration with Splunk and preferred compatibility with existing tools such as Snyk.
The contract will run initially for 12 months with an extension option based on performance and ongoing requirements.
Vendors must support multi-cloud environments including Amazon Web Services, Microsoft Azure, and Google Cloud Platform; primary operations will be on AWS however.
Australian data sovereignty and privacy regulations compliance is mandatory, along with both agentless and agent-based scanning options.
The evaluation criteria include technical capabilities, ease of integration with existing security frameworks, compliance adherence, operational support quality, and total cost of ownership.
Interested vendors must submit detailed proposals outlining how their solution meets requirements, along with technical documentation, pricing models, case studies from similar deployments, and a project plan with key milestones.
Deadline for the tender is March 25 at 3 pm, with the estimate date of decision on April 30.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
