Awarded to Security Alliance Limited

Start date: Tuesday 5 December 2017
Value: £53,800
Company size: SME
Government Digital Service (GDS), part of Cabinet Office

WP1490a(re-issued): Threat Intelligence for GOV.UK

2 Incomplete applications

1 SME, 1 large

4 Completed applications

1 SME, 3 large

Important dates

Thursday 19 October 2017
Deadline for asking questions
Thursday 26 October 2017 at 11:59pm GMT
Closing date for applications
Thursday 2 November 2017 at 11:59pm GMT


Summary of the work
GOV.UK will be undergoing a penetration test. GDS are seeking a CBEST approved supplier to provide Threat Intelligence information under the GBEST security assessment framework.
Latest start date
Monday 4 December 2017
Expected contract length
Organisation the work is for
Government Digital Service (GDS), part of Cabinet Office
Budget range
£40k - £60k

About the work

Why the work is being done
GOV.UK is the website for the UK government. It’s the best place to find government services and information.

The site is maintained by the Government Digital Service (GDS).

GOV.UK will be undergoing a penetration test. GDS are seeking a CBEST approved supplier to provide Threat Intelligence information under the GBEST security assessment framework.

The GBEST framework aligns itself to that of CBEST and is split into 4 phases. This tender concerns itself with Phase 2, for the provision of Threat Intelligence, ahead of Penetration Testing in Phase 3 (procured separately).
Problem to be solved
The provider is expected to supply a summary of key threats to the functioning of GOV.UK, detailing the highest scoring threats to be prioritised by the Penetration Testers.

Reports are expected to be the standard of CBEST, prioritising risks to address in Phase 3 Penetration Test.

Expected outputs:
Threat Modelling
Threat Intelligence Plan
Targeting/TI Reports (Draft), Test Plan (Draft)
Targeting/TI Reports
Intelligence Assessment

The work should be completed by mid-February, but the TI provider is expected to remain available to answer questions from the Penetration Testers (Phase 3). We expect the Penetration Test will be complete by latest end April.
Who the users are and what they need to do
As a member of the public
I need to be confident in GOV.UK
So that I can rely on the information provided

As a Government Publisher
I need to trust GOV.UK
So that I can be confident that our content is secure and accurate
Early market engagement
Crown Commercial Services informed the marketplace of the launch of the GBEST pilot scheme in September and October. Whereby 2 departments intend to go out to tender for the provision of CBEST approved Threat Intelligence via the Digital Outcomes and Specialist framework 2
Any work that’s already been done
Existing team
Technical Architect and Delivery Manager
Current phase

Work setup

Address where the work will take place
GDS, Whitechapel Building, Whitechapel High Street, E1 and also supplier premises
Working arrangements
Remote working required, travel potentially required to other gov't departments. The TI provider should check-in once a week with updates on how it is going.
Security clearance
Baseline Personnel Security Standard (BPSS)

Additional information

Additional terms and conditions
The provider must share information as laid out in the GBEST Implementation Guide and abide by the GBEST Principles. Any non-disclosure agreements must not hinder the delivery of the scheme, specifically, relevant information should be readily shared between the Threat Intelligence provider, the Penetration Tester and GDS.

All expenses must be pre-agreed between the parties and must comply with the Cabinet Office Travel and Subsistence Policy.

All vendors are obliged to provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • CBEST approved, CREST certified Threat Intelligence Manager, successfully assessed against CBEST criteria to supply CBEST Threat Intelligence services.
  • Experience with performing Threat Intelligence work for modern, web- and service-based architectures and cloud technologies
  • Experience of agile delivery processes
  • Experience of assisting customers with Threat Modelling
Nice-to-have skills and experience

How suppliers will be evaluated

How many suppliers to evaluate
Proposal criteria
  • How will you will deliver the TI within the GBEST framework?
  • What TI processes/framework will you utilise?
  • What TI tooling/resources will you utilise?
  • How will you deliver the output from the TI process?
  • Team structure and skill-sets.
  • Value for money
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Excellent communication skills
  • Take responsibility for their work
Payment approach
Fixed price
Assessment methods
  • Written proposal
  • Work history
  • Presentation
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

No questions have been answered yet