Certificate Lifecycle Management Programme Core Services

Location

Description

Network Rail is seeking to engage the market regarding the future procurement of a Certificate Lifecycle Management (CLM) solution. This project is driven by significant industry changes, including the CA/Browser Forum’s decision to reduce the maximum lifespan of public SSL/TLS certificates over the coming years. By 2029, certificates will require renewal as frequently as every 47 days, and domain validation reuse will be limited to just 10 days. These changes are intended to enhance security but will introduce substantial operational overhead, making manual certificate management impractical and automation essential. Network Rail operates across a complex landscape of on-premises, cloud, and supplier-managed environments. A key challenge is the fragmented ownership and lack of central visibility over certificates, particularly those issued and managed by third-party suppliers. This fragmentation increases the risk of outages due to expired or misconfigured certificates and limits Network Rail’s ability to monitor, renew, or enforce compliance directly. The CLM project aims to address these challenges by implementing a solution that enables the centralised, automated management of certificates throughout their lifecycle, regardless of where they are issued or managed. The solution must provide comprehensive visibility across all environments, support robust automation for renewal and validation, and enable clear supplier accountability through contractual mechanisms. This includes the ability to track certificates managed by third parties, enforce renewal responsibilities, and ensure that incidents caused by supplier failures can be managed contractually. Network Rail is inviting suppliers to demonstrate how their solutions can meet these requirements, including the ability to: Centrally track and manage certificates across all environments and suppliers. Automate certificate renewal, validation, and compliance processes. Provide visibility and control over third-party issued certificates. Support supplier accountability and contractual enforcement. Align with upcoming industry standards and security requirements. Deliver proven solutions at scale, with references from similar large infrastructure organisations. This market engagement will inform Network Rail’s approach to the procurement of a CLM solution that ensures security, operational resilience, and compliance in a rapidly evolving digital landscape.

CPV Codes

• 72260000 - Software-related services
• 72267000 - Software maintenance and repair services
• 72261000 - Software support services
• 72590000 - Computer-related professional services
• 72222300 - Information technology services
• 72212200 - Networking, Internet and intranet software development services
• 72000000 - IT services: consulting, software development, Internet and support

Other Information

** PREVIEW NOTICE, please check Find a Tender for full details. **