2024-0334 Support to Deployable CIS Cyber Defence Project (NS) - WED 26 Mar

Deadline Date: Wednesday 26 March 2025

Requirement: Support to Deployable CIS Cyber Defence Project

Location: Off-Site

Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)". Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs

Period of Performance: 2025: 01 May 2025 (tentative) to 20 DEC 2025

Required Security Clearance: NATO SECRET

1. Introduction

The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.

As per NATO directive “Minimum Level of Communication and Information Systems Capabilities at Land Tactical Level” [MC(2019)0640], the Mission Network Operation Centre (MNOC) contains the Mission Cyber Security Operation Centre (MCSOC), which is the central mission service management and cyber security operations centre. The MCSOC provides mission-wide Cyber Defence (CD)/CIS Security visibility to the mission commander and coordinating/facilitating CD/CIS Security related reporting, incident management, coordination of incident responses, etc., for DCIS operating in exercises or actual operations.

The MCSOC is expected to be supported by staff from the NATO Cyber Security Centre (NCSC) and the NATO CIS Group (NCISG). Deployed systems are connected to static primarily via SATCOM link, so dependency on this need to be carefully planned and managed. The MNOC also has a controlled interface to existing fixed systems (e.g. NATO Secret – NS).

The MCSOC has further relationships to other NATO programmes, systems, policies, processes, and procedures that need to be integrated or reflected in developing requirements as NATO enterprise strategy evolves (for example, Federated Mission Networking).

2. Scope of work

The contractor shall support the below activities with guidance from the NCI Agency Point of Contact or delegated staff:

Development and baselining of existing documentation (AS-IS)

• Update the existing MCSOC documentation (produced in 2022 and 2023) to reflect the change of focus from the NRF towards the emerging concept of an Allied Reaction Force (ARF);

• Continuation of the previous ACT Programme of Work;

• Update the DCIS CD roadmap from 2024;

• Update MCSOC documentation;

• Update / further develop the Identity and Access management concept developed in 2022.

Reviewing, integrating, and referencing documentation

• Review and integration of aspects from previous MCSOC documentation (produced in 2022 and 2023);

• Review the Identity and Access management concept developed in 2022.

Development of a Target Architecture (TO-BE) and its technical analysis

• Develop a Programme of Work product, delivered as a standard NCI Agency Technical Report.

- With the aim to:

• Identify DCIS specific requirements and gaps to implement NATO’s Cyber Defence Regulations in the deployed environment and explore and propose possible solutions and develop a roadmap for implementation of Cyber Defence requirements in to the DCIS environment.

• Review and further develop the existing MCSOC Concept of Employment (CONEMP) in line with emerging and changing requirements of DCIS and other adjacent programmes of work in NATO.

• Review and further develop the existing concept documentation for federated SOC operation, including uplift of MSOC documentation to reflect the latest changes to Federated Mission Networking (FMN) Spirals.

• Create and/or update additional MCSOC project documentation as directed by the Technical Lead (TL) and Project Manager (PM).

The resource will provide the service using a sprint-based approach, with monthly sprints.

The deliverables and objectives for the following sprint will be reviewed and agreed in writing during the sprint retrospective meetings, to be held monthly, based on the activities mentioned above.

3. Deliverables and payment milestones

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex A).

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex A) signed by the Contractor and the NCIA POC.

The Purchaser (NCIA) reserves the right to exercise a number of options of one or more sprints based on the same deliverables, at a later time, depending on the project priorities and requirements, at the same cost.

2025: 01 May 2025 – 20 December 2025

Deliverable: Up to 8 Sprints (Number of sprints is estimated considering a starting date 01 May 2025. This will be adjusted depending on the actual start date.)

Payment Milestones: Upon completion of each monthly sprint and at the end of the work

4. Coordination and reporting

The contractor shall participate in status update meetings, sprint planning, and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to service manager’s instructions.

The Contractor shall deliver interim drafts and report the status of the deliverables as required by the NCI Agency project team, with monthly team meeting to be held on REACH.

Acceptance of each delivery completion will be documented in Annex A – Delivery Acceptance Sheet.

5. Schedule

This task order will be active immediately after signing of the contract by both parties. The period of performance is to begin on 01 May 2025 and will end no later than 20 December 2025.

6. Constraints

All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the line manager.

All documentation will be stored under configuration management and/or in the provided NCI Agency tools.

Part of the work may involve handling classified networks, therefore, a security clearance at the right level is expected for the contractor(s) undertaking this service.

7. Security

The security classification of the service will be up to NATO SECRET.

The contractor providing the services under this SOW is required to hold a valid NATO SECRET security clearance.

8. Practical arrangements

The contractor will be required to provide the service remotely.

NCI Agency will provide one NATO RESTRICTED REACH laptop computer to the contractor during the execution of the Contract. The contractor shall return this laptop computer back to NCI Agency after completion of the Contract.

This service must be accomplished by ONE contractor.

9. Travel

The contractor may be required to travel to other NCI Agency or NATO locations for completing these tasks. Travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of the AAS+ Framework Contract and within the limits of the NCIA Travel Directive.

10. Qualifications

[See Requirements]

Requirements

7. Security

• The contractor providing the services under this SOW is required to hold a valid NATO SECRET security clearance.

10. Qualifications

Delivery of the services within this SOW requires a cybersecurity contractor with the following qualifications and experience:

• The contractor shall have extensive knowledge and experience (totalling more than 10 years) in Cyber Security and Information Security.

More specifically:

• M.Sc. or PhD in Information Security or in a related field of study;
• Certification on Certified Information Systems Security Professional (CISSP);

Proven experience of at least 2 years in any of the activities below:

• At least 2 years experience in concept development in the area of cyber security;
• At least 2 years experience in Cyber as a domain operational concepts;
• At least 2 years experience in working in a Security Operations Centre;
• At least 2 years experience in setting up processes for a Security Operations Centre;
• At least 2 years experience in setting up SIEM/Logging, Firewalls and NIDS/NIPS/HIDS concepts;
• At least 2 years experience in converting requirements into security architectures and technically feasible solutions;
• At least 2 years experience in system design, architecture, and implementation;
• At least 2 years experience in NATO organisational structures and relationships with NATO and Partner nations;
• At least 2 years experience in working within a complex customer environment and multi-national team;

Desirable qualifications and experience:

• Knowledge to evaluate and assess scenarios for cyber security threat / risk ratios;
• Ability to independently produce and edit technical documentation and scientific reports in English;
• Excellent communications skills; and
• Good understanding of project management methodologies.