Key Details and Relevance
The Mexican Secretariat of the Navy (SEMAR), through the National Port System Administration Manzanillo (ASIPONA), has issued an invitation to bid for a comprehensive cybersecurity diagnosis and monitoring service. This service aims to safeguard the infrastructure and systems of the Manzanillo Port and the Project for a Secure Intelligent Port (PIS), which digitalizes and automates processes at Manzanillo Port and other system facilities, along with their security, access control, cargo, and payments.
Manzanillo Port is considered Mexico’s most crucial port due to its significant concentration of the country’s maritime trade, especially in containers. It serves as the primary entry and exit point for Mexican businesses to access Asian markets. According to the National Customs Agency, Manzanillo’s customs office contributes nearly 29% of all external trade taxes generated in Mexican ports, having already collected over 78 billion pesos in the first five months of 2025.
Contract Scope and Duration
The contract, valid for 12 months starting from November 16, 2025, encompasses monthly cybervigilance (with 12 annual reports), penetration testing, monitoring of open sources including the web, deep web, and dark web, review of published links and services availability, support for endpoint platform (specifically SentinelOne), and scheduled technical reviews of servers.
Additionally, the contract requires software quality analysis through “white box” and “black box” studies and pentests in at least five connected locations to the PIS infrastructure throughout the contract period. The service provider must adhere to international frameworks and standards for testing and audits, such as ISSAF, OSSTMM, and PTES. The provider should also hold relevant security management certifications like ISO 27001:2022.
Key Dates and Payment Structure
- Clarification meeting: October 7, 2025
- Proposal submission and opening: October 15, 2025
- Announcement of the award: October 21, 2025
- Contract signing: October 23, 2025
The contract will be awarded to a single provider on a fixed-term basis. Payment will occur in 12 monthly installments in Mexican pesos, contingent on the delivery and acceptance of reports, minutes, and invoices, as well as verification by SEMAR’s Planning Department.
Importance of Cybersecurity
Given the sensitive nature of the service, bidders must submit a confidentiality letter and meet legal and tax requirements (positive opinions from SAT, IMSS, INFONAVIT, RUPC registration, legal personality accreditation, etc.). The invitation will be electronic, and proposals can only be submitted through the Compras MX platform; no physical or in-person submissions will be accepted.
This contract aims to align with the SEMAR’s Ciberspace Strategy 2021-2024, emphasizing national security objectives mentioned by the issuing entity. The invitation to bid highlights the necessity of strengthening computing and digital services capabilities at Manzanillo Port.
Key Questions and Answers
- What is the purpose of this contract? The Mexican Navy seeks a cybersecurity service to protect the Manzanillo Port’s infrastructure and systems, aligning with national security objectives.
- What does the contract entail? The service includes monthly cybervigilance, penetration testing, open-source monitoring, software quality analysis, and scheduled server reviews.
- What are the key dates for this contract? The clarification meeting is on October 7, 2025; proposal submission and opening on October 15, 2025; award announcement on October 21, 2025; and contract signing on October 23, 2025.
- How will the contract be paid? The contract will be paid in 12 monthly installments in Mexican pesos, subject to the delivery and acceptance of reports, minutes, and invoices, as well as verification by SEMAR’s Planning Department.
- Why is this contract important? Manzanillo Port’s digitalization and automation require robust cybersecurity measures to protect critical trade infrastructure and ensure secure operations.
