83/376. Technical Evaluation Questionnaire. DIGIT/R2/PO/2009/035 PKI Services - Tendering specifications

Transcription

1 83/376 Annex 3: Technical Evaluation Questionnaire DIGIT/R2/PO/2009/035 PKI Services - Tendering specifications

2 84/376

3 85/376 ANNEX 3 TECHNICAL EVALAUATION QUESTIONNAIRE Call for Tenders DIGIT/R2/PO/2009/035 PKI SERVICES Name of the tenderer: DIGIT/R2/PO/2009/035 PKI SERVICES Annex 3 -Technical Evaluation Questionnaire 1/6

4 86/376 TABLE OF CONTENTS: 1. TECHNICAL AND OPERATIONAL APPROACH FOR THE SET-UP OF THE MIXED INTERNET/STESTA ENVIRONMENT 4 2. SERVICES (IN PARTICULAR PROCESSES, CERTIFICATION POLICY STATEMENT) 5 3. SUPPORT ORGANISATION 6 DIGIT/R2/PO/2009/035 PKI SERVICES Annex 3 -Technical Evaluation Questionnaire 2/6

5 87/376 Overview The tenderer shall answer the questionnaires in this Annex to provide the necessary information and documentation for the technical evaluation of the tender. The questions are grouped per evaluation criteria. The questions are grouped according to the corresponding evaluation criteria: 1. Technical and operational approach for the set-up of the mixed internet/stesta environment 2. Services (in particular processes, certification policy statement) 3. Support organisation Please note that each question has to be answered individually. Answering questions by making crossreferences to answers given to other questions is not permitted. Tenderers should provide information and documentation that are directly relevant to answer the specific questions. General purpose marketing material which is not relevant to the questionnaire will not be evaluated. In all cases, references to documentation included as part of the offer should be given precisely (document name, section number and page number). Please note that each question in the same criterion has the same weighting. DIGIT/R2/PO/2009/035 PKI SERVICES Annex 3 -Technical Evaluation Questionnaire 3/6

6 88/ TECHNICAL AND OPERATIONAL APPROACH FOR THE SET-UP OF THE MIXED INTERNET/STESTA ENVIRONMENT 1.1. Do you commit yourself to establish the connection of your infrastructure to the stesta network? YES/NO (mandatory) 1.2. Please describe your proposal (functional and technical) that allows connectmg your infrastructure to the stesta network. Please refer to Annexes 1 (section 2) and la for a description of the stesta network Do you commit yourself to provide all the certificates required under the scope of this call for tenders? YES/NO (mandatory) 1.4. Please demonstrate that your proposal (as described in question 1.1) allows for the distribution of keys and/or certificates and access to the CRL(s) via the stesta network. Please refer to Annexes 1 (section 2) and la for a description of the stesta network Do you commit yourself to assure the full operability of the infrastructure, as described in Annex 1, section 2? YES/NO (mandatory) 1.6. Please demonstrate how you will ensure the provision of the infrastructure operational service, as described in Annexes 1 (section 2). DIGIT/R2/PO/2009/035 PKI SERVICES Annex 3 -Technical Evaluation Questionnaire 4/6

7 89/ SERVICES (IN PARTICULAR PROCESSES, CERTIFICATION POLICY STATEMENT) 2.1. Have you enclosed your CPS (Certification Practice Statement)? YES/NO (mandatory) 2.2. Please provide a copy of your CPS (Certification Practice Statement) that is applicable to the services required under this call for tenders. Such statement should specify the practices you use in issuing and otherwise handling their keys and certificates. This includes the practices and procedures followed in authenticating the holder of a key pair, and the operating policy, procedures, security controls and systems you employ in your operations and in support of the issuance, management and revocation/suspension of a certificate. Please note that some of the services/processes/procedures described in your CPS, may be chosen by the Commission and incorporated into the SLA Please provide a description of all types of user certificates that are required under this call for tenders (lightweight certificate policy, normalized certificate policy, qualified certificate policy) - including all their relevant properties - with a description of the process for verifying the status of the server certificates against the CRL Please provide a (detailed) description of the process you have in place to provide user certificates under your CPS as you described in question 2.1. As a minimum the process should describe the steps to request, order, production, and delivery of the certificates Please provide a description of all types of server certificates that are required under this call for tenders (TLS/SSL server certificates, wildcard certificates) - including all their relevant properties - with a description of the process for verifying the status of the server certificates against the CRL Please provide a (detailed) description of the process you have in place to provide server certificates under your CPS as you described in question 2.1. As a minimum the process should describe the steps to request, order, production, and delivery of the certificates. DIGIT/R2/PO/2009/035 PKI SERVICES Annex 3 -Technical Evaluation Questionnaire 5/6

8 90/ Please provide a detailed description of the structure and management of your publicly accessible repository to store and make available certificates and Certificate Revocation Lists (CRLs), including a detailed description of the structure, operations and management of the OCSP, if available Please describe your proposal (functional and technical) that allows providing managed (outsourced) PKI services via Local Registration Authorities (LRA). Please refer to Annex 1 (section 3) for a description. SUPPORT ORGANISATION 3.1. Explain in detail how your support organisation related to the provision of certificates, under the scope of this call for tenders, is organised Please describe how you ensure that the knowledge and experience of your technical staff is kept up to date, for the services which are the object of this call for tenders, including your approachjo. training offered to staff in new and existing technologies. DIGIT/R2/PO/2009/035 PKI SERVICES Annex 3 -Technical Evaluation Questionnaire 6/6