Request for Proposals for Cyber Range Development (2025-03)

NC3 – National Cybersecurity Competence Center

Overview

The scope of this Request for Proposal (RFP) is the design, development, and implementation of a comprehensive on-premises cyber range platform for NC3 within the framework of the NCC-LU project ( 101127115 — NCC-LU-S). This platform will enable various cybersecurity training scenarios, from offensive and defensive exercises to incident response simulations. The solution must utilize open-source technologies and operate without internet connectivity. Bidders may submit proposals for the complete system or specific components. This RFP is classified under "MARCHÉS PUBLICS DE FAIBLE ENVERGURE".

Specifications (minimum requirements):

Core Platform Requirements:

Technology base: Must be built entirely on open-source technologies
Deployment model: Hypervisor-based virtualization for on-premises implementation
Network capability: Ability to operate completely offline without internet connectivity and ensure flexible network creation for the exercise scenario
Security architecture: Strict network isolation between administrative and user components
Closed access: Access to the platform shall only be available via VPN

Functional Requirements:

Environment Creation: Ability to create and deploy vulnerable virtual machines or containers
Automation: Full automation for deploying and configuring vulnerable environments
Customisation: Customisable scenarios via pre-configured templates
Technology Support: Wide compatibility with diverse infrastructure technologies
Administration: Comprehensive administrative interface with monitoring capabilities
User Interface: Web-based interface for accessing environments and participating in challenges

Use Case Support:

Offensive Capture The Flag (CTF) training
Defensive Capture The Flag (CTF) training
Wargames (red team vs blue team) environments
Incident analysis and management simulations
Digital forensics investigation scenarios
CVE analysis environment reproduction
Malware-infected environment simulation
Cybersecurity tool testing platform
Vulnerability research environments
Sandboxing
etc.

Technical Integration:

Optional integration with CIRCL's Vulnerability Lookup product
Optional integration with the MISP threat intelligence platform
Version control system for environment configurations
Secure authentication and authorization mechanisms
Performance monitoring and logging capabilities

Deliverables:

Complete source code for all custom components
Comprehensive documentation provided upon project completion
Support after project completion
Deliverables shall be provided under an open-source license (e.g., Apache 2.0, GPL v3, or similar), and intellectual property rights will be shared between NC3 and the selected bidder.

Bid Submission

Proposals must be submitted via email to info@nc3.lu no later than 18 April 2025, 12:00 CEST. Submissions must be provided in ASCII or PDF format. All proposals must be priced in EURO and clearly marked as: Proposal for Cyber Range Development — NCC-LU-S

Each proposal must include:

Detailed technical approach and architecture
Implementation timeline and methodology
Pricing structure including development, implementation, and training
References from similar projects

Selection Criteria

Proposals will be evaluated based on:

Technical approach and alignment with requirements
Implementation timeline feasibility
Competitive pricing
The willingness to collaborate with NC3 on the development of this platform.

Document Classification

This document is classified as TLP WHITE.
Information may be distributed freely, subject to standard copyright controls.

Revision

Version 1.0: March 28, 2025 – Initial version (TLP WHITE)