New deal covers 13,500 end-user and on-site devices, AWS accounts and public-facing domains 

The Cabinet Office has awarded a £438,488 contract for a cloud-based vulnerability exposure platform, allowing it to look for cybersecurity weaknesses across its technology infrastructure.

According to the statement of requirements published with the contract-award notice, the department’s cyber security team has been using an on-premises vulnerability scanner which could only assess public-facing domains and included “a very small number of licences” for US firm’s specialist Tenable’s exposure management platform.

The new service – also based on Tenable technology, under licence from IT reseller Softcat, for up to two years – will be able to assess around 15,000 asset across the Cabinet Office, including Government Digital Service. This includes 12,500 end-user devices, 1,000 on-site physical devices, 1,000 Amazon Web Services accounts and 300 public-facing domains.

The statement of requirements said that this will support the Cabinet Office’s aim of developing vulnerability management “beyond MVP” (minimum viable product) and “where appropriate, fill in the remaining gaps that exist with our existing capabilities”.

The document said that only 5,000 assets will be included within the first year of the contract, with the full number reached in the second year. It also estimated that the contract would rather than in mid-March.

A quotation from Softcat for the work, produced on 26 January and also published with the contract award notice, shows that the service will use Tenable One Enterprise and that Softcat offered a two-year price of £302,321.