Modern Security Solution to Support Hybrid Environment
Tender ID: 606024
Tender Details
Tender Description
This Tender is invited by the Issuer.
Key problem/s
Treasury is seeking to enhance existing security controls to consistently provide unified visibility, policy enforcement, and threat protection across internet traffic and cloud applications, particularly where users and data are distributed beyond traditional network boundaries. Transitioning from a perimeter-based security model to a cloud-native zero trust architecture.
Treasury is seeking to strengthen existing security controls to deliver consistent, unified visibility, policy enforcement, and threat protection across internet traffic and cloud applications. This need is driven by the growing distribution of users and data beyond traditional network boundaries. Treasury is transitioning from a perimeter-based security model to a cloud-native Zero Trust architecture to ensure secure access and protection in a modern, distributed environment.
The users and their needs
Treasury’s operating environment includes a highly mobile workforce (estimated 2,500 users), increasing reliance on Software-as-a-Service (SaaS) platforms, and access to sensitive information from both on-premises and remote work locations.
The objective of this RFI is to inform Treasury’s options for future networking and cyber security capabilities and seeks to understand how modern solutions can:
- Improve visibility and control over web and cloud application usage, including sanctioned and unsanctioned services, and the use of AI applications.
- Protect Treasury information from threats, data loss, and unauthorised access.
- Enable consistent enforcement of security and data protection policies regardless of user location or device.
- Support compliance with the Protective Security Policy Framework (PSPF), Information Security Manual (ISM), and relevant privacy and data handling obligations.
- Reduce security risks associated with direct internet access, shadow IT, Artificial Intelligence and cloud service adoption.
This RFI will inform Treasury’s understanding of available market capabilities, associated costs (inclusive of any infrastructure or networking costs), and assist in determining potential approaches to enhancing web and cloud security in a manner that supports secure, flexible, and modern ways of working.
Technical/business constraints
The Potential supplier must:
- have successfully completed an independent Information Security Registered Assessors Program (IRAP) assessment at the PROTECTED level, conducted by an Australian Signals Directorate (ASD) accredited assessor.
- The solution must ensure that all data (including backups, metadata, logs, and disaster recovery copies) is hosted and processed exclusively within Australia. No data may be accessed, transferred, or stored outside this jurisdiction, including by subcontractors or cloud service providers.