The organization seeks a vendor to implement an enterprise-wide solution focused on preventing unauthorized application installation and execution, reducing malware and ransomware risks, and enforcing granular control over application behavior and user privileges. The platform must provide visibility into unauthorized software, libraries, dependencies, plug-ins, and extensions, as well as integrations across browsers, IDEs, and containerized environments. Regular monthly scanning and reporting of all installed applications, browser extensions, and software components is required.

The solution must integrate seamlessly with the existing ecosystem and enforce deny-by-default application execution policies on all endpoints. It should automate the discovery, profiling, and allow listing of applications, and include ringfencing capabilities to restrict application permissions and prevent unauthorized actions such as macro, PowerShell, or CMD executions. Additional requirements include elevation control to manage administrative privileges at the application level, configuration management for enforcing security baselines, and application allow listing with deny-by-default enforcement.

The platform must support Windows 10+, Server 2012+, macOS, Linux, iOS, and Android, and provide a centralized dashboard for device and application telemetry and compliance. Unified management with dynamic policy allocation is required. AI usage monitoring and strict enforcement policies against AI-related executables and browser-based access (such as ChatGPT and GitHub Copilot) are also specified. The contract is for one year.