The Bank of Mauritius published responses to bidder queries on its request for proposals to supply, install and configure a Privileged Access Management (PAM) tool, launched on 18 August 2025. The clarifications confirm the expected deployment approach and several mandatory functional requirements, and the bank rejected a request to extend the proposal submission timeline. Key points include that the solution should be agentless and deployed on-premises, while being able to support access to public and private cloud environments. The bank stated it will not provide a virtual machine, meaning bidders should cater for required hardware and virtual machines where an appliance is not available. The bank also confirmed as mandatory requirements the ability to identify and automatically eliminate hardcoded and embedded application credentials, provide an on-premises approach to just-in-time privileges, enforce fine-grained controls to restrict or block password access to particular resources, restrict access requests to corporate networks or other approved sources including designated third-party locations, and provide a self-service option for users. Training scope, MFA approach (including whether to integrate with existing RCDevs MFA or use built-in MFA), and elements such as architecture, licensing model, support and HA/DR options are left for bidders to propose, with sizing inputs referenced back to the RFP sections.
Bank of Mauritius 2025-08-29
Bank of Mauritius issues bidder clarifications for privileged access management tool RFP and refuses deadline extension
The Bank of Mauritius released clarifications on its RFP for a Privileged Access Management tool, confirming deployment must be agentless and on-premises, with support for cloud environments. Mandatory requirements include eliminating hardcoded credentials, just-in-time privileges, and fine-grained access controls. Bidders must provide hardware and virtual machines, with training, MFA, and other elements open for proposal.