Active procurements

Calls for Tender

Vulnerability disclosure policies and vulnerability databases

Deadline: 2021-03-15

OPEN Tender Procedure

Maximum budget €125.000,00

With this tender, ENISA aims to procure supporting services to take stock of existing policies and good practices on Coordinated Vulnerability Disclosure (CVD), in the EU Member States and outside the EU, as well as taking stock of the existing national, regional and global vulnerability registers and databases, and the formats, metrics, procedures used in these registers and databases.This tender has two main objectives:

Stocktaking of vulnerability disclosure policies and good practices in the EU: To draw up a report on existing national vulnerability disclosure policies and processes looking at how they work, what are good practices and lessons learned, what are challenges, legal issues, etc. This stock tacking will cover all EU countries, and some relevant third countries.

Stocktaking of global, regional and national vulnerability databases and registers: To draw up a report on existing national, regional and global vulnerability registers and databases, including an overview of formats and metrics used, to keep track of vulnerabilities and provide stakeholders with relevant information about them.

The tender documentation is officially available via the TED 'eTendering' platform, which gives exclusive access to the eSubmission portal for submitting your offer - please use this link: https://etendering.ted.europa.eu/cft/cft-display.html?cftId=7862

The documentation is also provided for reference purposes only, by clicking on the title link above.

 Offers shall be sent electronically using 'e-Submission' ONLY

Support services for the Ad-hoc cybersecurity assistance mechanism

Deadline: 2021-04-05

Framework Contracts with 'Reopening of Competition'

OPEN Tender Procedure

maximum budget €800,000.00 over 4 years

ENISA seeks to contract the services of a minimum of 3 and maximum of 8 service providers to provide support for ENISA’s work on developing and implementing an ad-hoc assistance mechanism in case of large-scale cross-border incidents or crises related to cybersecurity. The services to be provided can vary depending on the activity. For example, they can be meant for needs and requirements collection and analysis, guidelines and procedures development, provision of experts, setting up database of experts etc.

The contractors shall provide support for an Ad-hoc assistance mechanism including but not limited to working principles and conditions development, providing relevant expert support and other related activities. The successful bidders should be able to demonstrate significant experience and skills in these fields, with emphasis on the aspects dealt with in the annual ENISA Work Programme.

The tender documentation will officially be available via the TED 'eTendering' platform on 10th March, which will give exclusive access to the eSubmission portal for submitting your offer - please use this link: https://etendering.ted.europa.eu/cft/cft-display.html?cftId=8052

The documentation is also provided for reference purposes only, by first clicking on the title link above.

 Offers shall be sent electronically using 'e-Submission' ONLY

Subscribe to an always updated RSS feed of Calls for Tender

Pre Information Notices

Maturity framework project: extended framework beyond CSIRTs Network

Deadline: 2021-03-12

Negotiated procedure: maximum budget €70.000

ENISA is continuing to support operational cooperation among Member States, Union institutions, bodies, offices and agencies. Actions include establishing synergies with national and EU actors including CERT-EU with the view to exchange know how, best practices, provide advice and issue guidance.

As part of its effort, ENISA would like to conduct a project on maturity framework[1] update and possible extension beyond current application within CSIRTs Network.

This study should include at least:

  • Overview of different maturity methodologies/frameworks applicable and used in cybersecurity field.
  • Establishing synergies and identifying gaps or issues of different maturity methodologies (using ENISA maturity methodology as a reference point).
  • Propose maturity methodology/framework for other Blueprint[2] actors.
  • Recommendations for choosing the appropriate maturity methodology for organization.
[1] See https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-capabilities/csirt-maturityfor more details

[2]Blueprint for coordinated response to large-scale cross-border cybersecurity incidents and crises https://eur-lex.europa.eu/eli/reco/2017/1584/oj

If you are interested in being invited to take part in this upcoming tender procedure, then please click on the Title link above and select 'submit your interest' before the deadline.

ENISA CSIRT maturity methodology improvements

Deadline: 2021-03-12

Negotiated procedure: maximum budget €80.000

ENISA is continuing to support operational cooperation among Member States CSIRTs.  Actions include improving maturity and establishing synergies between different CSIRTs with the view to exchange know how, best practices, provide advice and issue guidance.

As part of its effort, ENISA would like to conduct a project on CSIRT maturity assessment model and evaluation methodology improvements based on the current application within the CSIRTs Network[1].

This project should include at least:

  • Overview and analysis of the current maturity assessment model and evaluation methodology applicable within the CSIRTs Network.[2]
  • Review and update of current parameters and values
  • Identifying gaps or issues of existing model and evaluation methodology
  • Advance ENISA maturity methodology
  • Design updated maturity assessment model and evaluation methodology
  • Test updated maturity framework with target stakeholders.

[1] https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-capabilities/csirt-maturity

[2] https://csirtsnetwork.eu/

If you are interested in being invited to take part in this upcoming tender procedure, then please click on the Title link above and select 'submit your interest' before the deadline.

2021 ENISA Report on CSIRT-LE cooperation

Deadline: 2021-03-15

Negotiated procedure: maximum budget €58.000

ENISA is continuing its efforts to contribute to a cooperative response at Union and Member States level to cyber incidents and support the fight against cybercrime.

As part of its efforts, ENISA aims to compile an updated and expanded report on the cooperation between the computer security incident response teams (CSIRTs) and the law enforcement agencies (LEAs) and their interactions with the judiciary (prosecutors and judges).

This 2021 Report on CSIRT-law enforcement (LE) cooperation will:

-          build upon the 2020 ENISA Report on CSIRT-LE cooperation (https://www.enisa.europa.eu/publications/2020-report-on-csirt-le-cooperation/ );

-          focus on the eight MSs/EFTA countries already covered in the 2020 ENISA Report on CSIRT-LE cooperation (Czechia, France, Germany, Luxembourg, Norway, Portugal, Romania and Sweden), plus at least eight additional MSs/EFTA countries to be selected;

-          analyse the legal and organisational framework, the roles and duties of CSIRTs (in particular national and governmental CSIRTs), law enforcement agencies and the judiciary, and their required competences, as well as synergies and potential interferences n their activities related to their responses to cyber incidents and fight against cyber-crime, respectively;

-          be based on data collected by applying the same methodology (desk research, subject matter interviews and segregation of duties matrix) used for and described in the 2020 ENISA Report on CSIRT-LE cooperation.

If you are interested in being invited to take part in this upcoming tender procedure, then please click on the Title link above and select 'submit your interest' before the deadline.

Study on CNW tool for data leaks

Deadline: 2021-03-15

Negotiated procedure: maximum budget €70.000

One of ENISA’s duties is to actively support the cooperation among the CSIRTs Network Members as laid out in the NIS directive Article 12. Amongst these tasks, ENISA is dedicated to advance the cooperative response at EU level of large scale incidents and crises. One of the main objectives of this work is to support information exchange and cooperation, cross layer and cross border between Member States and as well as with EU institutions.

As part of its effort, ENISA would like to conduct a study on a possible tool for the CSIRTs Network usage to faster and better react to incidents where sensitive data is leaked. In the recent years the rise of data breaches is significant both in terms of numbers and in records affected. Sometimes leaked databases or a compilation of previous leaks, sometimes they contain records from different sources.

ENISA would like to map the current solutions and identify the specifications for a possible tool that could serve as an aid for the CSIRTs Network in sorting these data to support efficient information exchange and rapid response. The study should include at least the following functionalities:

-          Ingesting different leaked databases in different source formats to a protected database;

-          Do automatic sorting by the different constituencies of the individual members, based on for example IP geolocation, TLD or other relevant indicator;

-          Identify data from previous leaks and exclude them from the final list;

-          Ensure GDPR compliance;

Being able to sort the data and present the results to the relevant users while ensuring that no third party assess the information.

If you are interested in being invited to take part in this upcoming tender procedure, then please click on the Title link above and select 'submit your interest' before the deadline.

Subscribe to an always updated RSS feed of Pre Information Notices

Calls for Expression of Interest

CEI – List of NIS Experts

Deadline: 2021-09-08

CEI has been EXTENDED into 2021

ENISA seeks to establish a reserve list of subject matter experts, from which collaborators may be selected to assist the Agency in carrying out the work activities foreseen in the yearly Work Programme and particularly in the following fields:

A). Technical expertise in ICTs and emerging application areas

B). ICT Security Standardisation and certification

C). Technical expertise in Critical Information Infrastructure Protection (CIIP) and CSIRTs Cooperation

D). Legal expertise in NIS

E). NIS aspects of cybercrime

Please download the "Technical Description" file to learn more details about the requirements of the Agency. ENISA welcomes applications from experts from many sectors, i.e. academia, research, industry, EU institutions, International Organisations etc.

Important: To be eligible to apply, you must be a citizen or permanent resident of an EU member state or EEA and be able to be remunerated to a bank account in one of these countries. UK applicants cannot be accepted anymore.

PLEASE NOTE: The CEI List of Experts is a tool used solely for the purposes of assessing and identifying suitable external experts for a potential future contractual working relationship with ENISA. It is emphasised that inclusion in the list does NOT mean that you are considered to be an official representative of ENISA or in any way entitled to represent the Agency.

 It therefore follows, by just being invited onto the ENISA List of Experts, that you are not authorised to speak on behalf of ENISA at public forums or present yourself as an ENISA representative/employee/advisor or expert in any way, shape or form (including on Curriculum Vita, social media etc.).

 Any verified breaches of these restrictions may result in your listing being immediately deleted.

Subscribe to an always updated RSS feed of Calls for Expression of Interest

Calls for Proposal

No calls

Subscribe to an always updated RSS feed of Calls for Proposal

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information