2025-0040 Cyberspace CPP 9A3201 Support (NS) - TUE 4 Mar

Deadline Date: Tuesday 4 March 2025

Requirement: Cyberspace CPP 9A3201 Support

Location: Off-Site, with attendance to sites as required and as agreed

Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)". Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs

Period of Performance: As soon as possible, but not later than 01 April 2025 (tentative) to 31 JUL 2025

Required Security Clearance: NATO SECRET

Special Terms and Conditions

1. EXCLUSION CLAUSE

1.1 The Contractor and its sub-Contractors, shall be excluded from award of future Contract(s) and sub-Contract(s) for the provision of the services related to this contract’s deliverables listed under para.3 and 4 of Annex B - SOW.

1.2 The NCI Agency shall not consider mitigation plans regarding this exclusion.

1.3 This exclusion clause does not apply to parent companies of the Contractor and their wholly owned subsidiaries provided that the parent company or its subsidiaries provides proof to the satisfaction of the Purchaser that they operate as a separate legal entity in a completely distinguishable and different business domain. Proof as mentioned above may consist of:

- Company’s structure

- Roles and responsibilities within structure

- Business domain

- Ownership and control

- And any other proof that will fulfil the purpose of the exclusion clause

1.4 This exclusion clause shall remain valid for a period of two (2) years after Contract completion.

1.5 Once the validity period of this exclusion clause has expired, the limitations imposed by this exclusion clause shall no longer apply.

1.6 It is the responsibility of the Contractor to ensure that their subcontractor(s) are made aware of this exclusion clause prior to the subcontractor(s) commencing performance under this Contract.

1.7 The Contractor agrees that compliance with this exclusion clause is of the essence and that failure to abide to these terms shall constitute sufficient grounds for the Termination for Default of the Contract in accordance with Clause 39 of the NCI Agency Contract General Provisions.

1. PURPOSE

The objective of this statement of work (SoW) is to outline the scope of work and deliverables in support of the ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project and Refresh and Maintain Obsolete Equipment (OBSO) project. These projects are two of the six in-flight Cyberspace CPP 9A3201 projects, and all products produced under this SoW must align with the interfaces and interdependencies with all NATO & National projects and systems.

The purpose of the work is to provide additional technical and product-creation support to NATO Cyber Security Centre (NCSC) to fulfil the identified activities (see ‘Scope of Work’, Section 3, below) that contribute towards this project.

2. BACKGROUND

This contract is to provide consistent support on a deliverable-based (completion-type) contract. It will provide contributions towards the NCSC project team as it develops its IFB Package. The specific work is based on the deliverables that are described in the ‘Scope of Work’ section, below.

CPP 9A3201 consists of six projects that aim to addressing critical CIS security services uplifts; implement the necessary enhancements which remain after approval of CP090120; and provide capability lifecycle support for existing and programmed CIS security services-related capabilities.

One of the six projects is the ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project. Its aim is to provide maintenance of the current CIS security posture, by addressing critical CIS security services uplifts and enhancements, which remain after approval of CP120. It also addresses non-overlapping scope related to the Uplift to Security Information and Event Management (SIEM)/Log Storage, post-Intrusion Detection and Threat Hunting systems, as well seeking to provide a Cyber Threat Intelligence (CTI) capability.

CTI is a clearly-defined part of the authorised ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project, with secured funding and an authorised Schedule for project implementation. Its next project milestone is the Release of an Invitation for Bids (IFB), and much of the foundation work for this ‘project’ is in place; however, the materials now need to be developed and coordinated as it moves towards its scheduled IFB Release Milestone. As with all of the CPP 9A3201 projects, this ‘project’ is following the ‘performance-based’ methodology, with artefacts, documents and deliverables all adhering to the principles of this model. The ‘Scope of Work’ outlined directly below aims to directly address and accomplish this.

The Refresh and Maintain Obsolete Equipment for Cyber Capabilities (OBSO) project is one of the projects defined in the CPP 9A3201 Cyberspace. This project is focused on maintaining the current CIS security posture by addressing critical CIS security services uplifts and enhancements. The Cyberspace Programme aims to mitigate NATO enterprise security posture degradation due to planned and unplanned hardware/software obsolescence and to improve NATO enterprise security posture by adopting refreshed technologies and expertise.

OBSO is a clearly defined project within CPP 9A3201 with secured funding, an authorized schedule, and well-described scope. The next milestone for the OBSO project is the IFB Release, with only some preliminary work completed towards planning or drafting of this document.

3. SCOPE OF WORK

The aim of this SOW is to support NCSC with technical expertise specifically related to the development of the ‘Performance Work Statement’ and associated materials that need to be developed for the ‘Invitation For Bid(s)’ package for the Cyber Threat Intelligence (CTI) capability (that is part of the ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project) and Refresh and Maintain Obsolete Equipment (OBSO) project. The specific documents and materials to be delivered are listed below in Section 4.

Under the direction / guidance of the NCSC Project Manager(s) and Project Technical Coordinator, the appointment will be the part of the NCSC Team supporting the following activities:

1) The maturation of the Cyber Threat Intelligence (CTI) ‘project’ ‘Building Blocks’ that the project team has developed (including ‘High Level Objectives’; ‘Tasks’; ‘User Stories’; ‘Risks’) into a coherent Performance Work Statement that is accessible to potential bidders and fully mature.

2) Involvement with workshops and collaborative sessions that enable the aforementioned Performance Work Statement to connect with other associated artefacts, such as the Quality Assurance Surveillance Plan and the ‘Landscape Document’. Some active contribution to the content might be expected.

3) Prepare the IFB materials for the Refresh and Maintain Obsolete Equipment (OBSO) project. The task involves, but is not limited to, a) updating the list of obsolete cybersecurity devices for replacement as an Annex to the IFB; b) drafting a bill of materials (BoM) with associated price estimation and prioritization of these devices; c) producing a matrix of interfaces and interdependencies with other NATO and National projects and systems; d) collaborating with the NCSC Cyber Security Services Framework (CSSF) team to produce a draft Task Order (TO); and e) Preparing draft technical specifications supporting the IFB.

4) Liaison with project stakeholders on behalf of the project to garner information required to mature the artefacts.

The measurement of execution/completion of this work will be:

1) Frequent and regular meetings and reporting points, both formal and informal, between the Contractor and the NCSC Project Manager(s) and/or Project Technical Coordinator to ensure consistent progress and agreement of expectations between all parties;

2) Sign off by the NCSC Project Manager(s) and Project Technical Coordinator of high-calibre artefacts and products;

3) Ultimately, the delivery by the Contractor of matured and completed artefacts, which fulfil the IFB checklist criteria as per NATO standards and policies, that are ready to be packaged for the IFB Release.

4. DELIVERABLES AND PAYMENT MILESTONES

The following deliverables are expected from the work on this SoW by 31 st July 2025:

Deliverable 01: Regular support to meetings, develop plan of action for completion of these tasks, and templates for draft product(s).

Cost Ceiling: 5%

Payment Milestones: 15th April, 2025

Deliverable 02: CTI Performance Work Statement (draft version)

Cost Ceiling: 25%

Payment Milestones: 30th April, 2025

Deliverable 03: CTI Performance Work Statement (final version)

Cost Ceiling: 25%

Payment Milestones: 30th May, 2025

Deliverable 04: Draft OBSO list of obsolete cybersecurity devices deconflicted with CP120 Annexes

Cost Ceiling: 10%

Payment Milestones: 15 th June, 2025

Deliverable 05: Final OBSO List of obsolete cybersecurity devices, BoM/price estimate, and list of interfaces/interdependencies

Cost Ceiling: 15%

Payment Milestones: 30 th June, 2025

Deliverable 06: OBSO Draft CSSF TO and draft technical specifications for IFB

Cost Ceiling: 10%

Payment Milestones: 15th July, 2025

Deliverable 07: Provide detailed Handover/takeover documentation of all work under this SoW including files and points of contact

Cost Ceiling: 10%

Payment Milestones: 31st July, 2025

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex C).

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex C) signed by the Contractor and the project authority.

5. COORDINATION AND REPORTING

The Contractor shall participate in weekly project stand up meetings as scheduled by the NCSC Project Manager(s) and/or Project Technical Coordinator, as well as other meetings as deemed appropriate by the NCSC Project Manager(s) and/or Project Technical Coordinator.

The Contract may be asked to provide contributions to meetings and reports requested of the NCSC Project Manager(s) and/or Project Technical Coordinator.

The Contractor shall attend NATO locations when required by the NCSC Project Manager(s) and/or Project Technical Coordinator as part of this role. In such instances, travel expenses for missions to other NATO/NCIA locations will be reimbursed separately, as per AAS+ framework contract provisions and NCIA Travel Directive.

At the point of the acceptance of the Deliverable(s), and having ensured safe transition of said Deliverables, the Contractor shall provide a Report that summarises the activities during the period of performance.

In accordance with IKM, all work that has been undertaken by the Contractor will be fully documented and available to the project team via the project portal.

6. ACCEPTANCE AND REJECTION CRITERIA

a) Acceptance Criteria

a.1. Quality of work reached NATO standards

a.2. Tasks are completed within the assigned time

a.3. Performances are as defined by the line manager

b) Rejection Criteria

b.1. Quality of work is below NATO standards

b.2. Tasks are not completed within the assigned time

b.3. Performances are not as defined by the line manager

7. SCHEDULE

This task order will be active immediately after signing of the contract by both parties.

The period of performance is as soon as possible but not later than 01 April 2025 (tentative) and will end no later than 31 July 2025.

8. CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact (NCSC Project Manager(s) and/or Project Technical Coordinator).

All documentation etc. will be stored under configuration management and/or in the provided NCIA tools.

All deliverables will be signed off as acceptable by the project point of contact (NCSC Project Manager(s) and/or Project Technical Coordinator) prior to payment being authorised.

9. SECURITY AND NON-DISCLOSURE AGREEMENT

It is mandatory for the candidate to be in possession of a NATO SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.

10. PRACTICAL ARRANGEMENTS

The contractor will be permitted to work off-site remotely as part of this engagement.

The contractor may be required to travel to NATO locations as part of his role. Travel expenses for missions to other NATO/NCIA locations will be reimbursed separately, as per AAS+ framework contract provisions and NCIA Travel Directive

The contractor will be required to work within a NATO country, following the rules and regulations applicable for the operations of NATO CIS.

This work must be accomplished by one contractor for the entire duration of the contract.

The Purchaser will provide the contractor with the following Purchaser-Furnished Equipment (PFE):

• Access to NATO sites, as required, for the purpose of executing this SOW.

• Workspace (needed business IT for on-site work via a hot-desk NCSC facility).

• NCIA “REACH” laptop to be used by the contractor for the execution of the contract.

11. REQUIRED PROFILE

[See Requirements]

12. DESIRABLE PROFILE

[See Requirements]

9. SECURITY AND NON-DISCLOSURE AGREEMENT

• It is mandatory for the candidate to be in possession of a NATO SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.

11. REQUIRED PROFILE

The contractor(s) that is going to perform the identified tasks and thus must possess and be able to demonstrate the skills, knowledge and experience as listed below.

• Bachelor's degree in Computer Science, Information Technology, or related field, or equivalent experience.
• Cyber Security and Cyberspace Background related to both the protection of military networks and securing operations and missions.
• CISSP experience and certification.
• Strong analytical and problem-solving skills.
• Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
• Familiarity with the CFCDGM governance model and capability development lifecycle.
• Familiarity with the range of NATO Stakeholders.
• Practical working experience within the Cyber domain with 2-4 years of experience working within Cybersecurity topics.
• Familiarity with Defence / NATO Procurement processes.
• Familiarity with high-quality public-facing Documentation Production.
• Prior knowledge of NATO IFB related work is helpful but not essential.
• Experience of working with classified material.

12. DESIRABLE PROFILE

The candidate should also ideally have knowledge and experience in the following areas:

• Experience of working with NATO and awareness of the NATO Command Structure;
• Experience of working with NATO Communications and Information Agency;
• Experience and familiarity with NATO networks and cybersecurity;
• Experience of working with national Defence or Government entities.