2024-0326 Support to NATO Headquarters Sarajevo AOM (CTS) BELGIUM - 19 Jun

Deadline Date:  Thursday 19 June 2025
 
Requirement:   Support to NATO Headquarters Sarajevo Allied Operations Mission (AOM)
 
Location:  Mons, BELGIUM
 
Time On-Site:  100%
 
Not to Exceed:  2025 BASE: 3,240 EUR/sprint (20 sprints, total NTE 64,800 EUR), 2026, 2027, 2028 OPTIONS
 
Period of Performance:  2025 Base period: 22 July 2025
 
Required Security Clearance:  NATO COSMIC TOP SECRET
 
Background:
The NATO Communications and Information Agency (NCIA) is dedicated to acquiring, deploying, and defending communication systems for NATO’s political decision-makers and Commands. It operates on the frontlines against cyber-attacks, collaborating closely with governments and industry to prevent future debilitating attacks. The NCIA plays a crucial role in maintaining NATO’s technological edge and ensuring the collective defence and crisis management capabilities of the Alliance. In pursuit of our mission, we require specialized advisory services to enhance our interim workforce capacity.
 
Introduction:
NATO Cyber Security Centre (NCSC) is looking for a contractor to support the work of Enable Branch: to ensure the availability, performance, and security of NATO’s data and communication networks across multiple sites. Focus will be on delivering key networking solutions and providing technical expertise in compliance with NATO’s operational requirements and security standards.

Objectives:

• The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of NATO’s Headquarters Sarajevo Allied Operations Mission (AOM) with a deliverable based (completion-type) contract to be executed in 2025.
• The main objective is to secure advisory services that provide expert guidance and support in the end-to-end management of infrastructure supporting AOM networks, working within a framework of Service Level Agreements (SLAs) to deliver secure and reliable solutions.
• Current State: Endpoint devices are managed through fragmented systems with manual processes, leading to inconsistent updates, inefficiencies, and security vulnerabilities across the organisation
• End State: The desired outcome is that a centralized, automated endpoint management system is in place, offering real-time monitoring, enhanced security, and scalability, ensuring consistency and compliance across all devices.
• We are aiming high availability, security, and performance of critical mission systems and platforms, which are essential to NATO’s operational success.

• Network Systems Design & Deployment: Assist the design, installation, and configuration of systems and platforms that underpin NATO’s AOM networks; Ensure scalability; Ensure high availability of AOM networks

• Platform Management & Optimization: Manage AOM network platforms; Monitor AOM network platforms; Optimize AOM network platforms; Ensure the AOM network platforms meet NATO’s performance, security, and reliability standards

• Ensure all AOM systems and platforms comply with NATO’s strict cybersecurity policies and frameworks

• Incident Response & Troubleshooting: Serve as a primary point of contact for troubleshooting and resolving system and platform issues within the AOM environment, Ensure timely recovery of services.

• Due to the nature and classification of the working environment, all services and deliverables outlined in this Statement of Work (SOW) will be performed onsite, on client’s premises, at NCIA location in S.H.A.P.E. Mons, Belgium. The contractor will be physically present on location to conduct assessments, implement network solutions, and provide ongoing support as required throughout the project.
• NCIA IT equipment will be provided (one REACH laptop will be provided). This equipment can be used by one person only and associated to that individual. Results of the work to be stored on NCIA NATO RESTRICTED SharePoint portal and/or in the provided NCIA tools.
• All developed solutions will be property of the NCIA.

• Provide necessary access to systems and information required for all services
• Tools and equipment (laptop) will be provided for remote service provisioning. Access to the Agency’s tools that are used to execute daily tasks will be provided.
• Designate primary points of contact for escalations and decision-making
• Early Definition: Establish criteria at the beginning of the project or sprint; Refine criteria as needed throughout the development process
• Prioritization: Identify must-have criteria vs. nice-to-have features; Align prioritization with project / service goals and constraints
• Consider Edge Cases: Include criteria for handling unexpected inputs or scenarios; Address potential failure modes and error handling

• The Contractor shall deliver services onsite in Mons, Belgium.
• The highest level of classification that contractor may need to access is NATO Cosmic Top Secret. As a result of this contractor must hold a valid NATO Cosmic Top Secret Security Clearance.
• The contractor shall report to the SDM and Technical Leads of NCSC Enable Branch.
• The Contractor shall participate in monthly status update meetings and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to service delivery manager’s instructions.
• For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in writing, within five (5) working days after the sprint’s end date. A report in the format of a short email shall be sent to NCIA POC briefly mentioning the work held and the achievements during the sprint.

• All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact.
• All documentation etc. will be stored under configuration management and/or in the provided NCIA tools.

• It is mandatory for the Contractor to be in possession of a NATO COSMIC TOP SECRET (CTS) security clearance to facilitate follow-on engagements and coordination at NATO venues.
• The signature of a Non-Disclosure Agreement between the contractor contributing to this task order and NCIA will be required prior to execution.

• Access to NATO sites, as required, for the purpose of executing this SOW.
• Workspace (needed business IT for both on- and off-site work, hot-desk at NCSC facility).
• NCIA “REACH” laptop to be used by the contractor for the execution of the contract.

• Regular travel costs to and from the service delivery location (SHAPE) are out of scope and will be borne by the contractor.
• Travel costs to other NATO locations are not included in the quoted price as there is no expected travel foreseen.
• However, should travel be required, travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of the AAS+ Framework Contract and within the limits of the NCIA Travel Directive.

• Security Classification: It is mandatory for the Contractor to be in possession of a NATO COSMIC TOP SECRET (CTS) security clearance to facilitate follow-on engagements and coordination at NATO venues.
• Language Proficiency: English Level 3 English language skills according to NATO STANAG 6001: Listening (3); Speaking (3); Reading (3); and Writing (3) or according to Common European Framework of Reference for Language level B2-C1/Upper Intermediate-Advanced level)

• Educational Background: A university degree from a nationally recognized or certified institution in a technical field with a strong emphasis on Information Technology. At least 6 years of specific experience in virtualized technologies (e.g., VMware vSphere, vSAN, NSX).
• Industry Certifications: Must have demonstrated experience and hold relevant certifications in virtualized technologies, as the following key technologies: VMware Horizon View; VMware vSphere; vSAN; vROPS; VMware Cloud Foundation (VCF); ARIA OPS. Certifications like VMware VCP Data Centre Virtualization or equivalent are highly desirable.
• Cloud Infrastructure Expertise: High-level knowledge and experience working with cloud-based infrastructures such as VMware VCF and Microsoft Azure.
• Storage Solutions Administration: Proven experience in managing enterprise storage solutions, including technologies like Dell EMC Unity or HP 3PAR.
• Backup and Restore Expertise: Advanced knowledge of administering backup and restore technologies on Veritas NetBackup.
• Firmware Management: Experience in planning, maintaining, and updating firmware baselines for enterprise hardware using tools like Dell OpenManage Enterprise or HP OneView.
• Windows Server Expertise: Demonstrated expert-level experience with Windows Server Operating Systems (2016, 2019, 2022).
• Microsoft Ecosystem Certification: Holds a recognized certification in Microsoft technologies such as MCSE (Microsoft Certified Solutions Expert) or related fields, particularly in Active Directory and Cloud Infrastructure.
• Cybersecurity Expertise: In-depth knowledge of cybersecurity tools and their integration, with expertise in: Vulnerability assessment tools like Nessus Tenable; Security Information and Event Management (SIEM) solutions like Splunk; Forensic tools like Access Data Enterprise and Fidelis Endpoint Security
• Infrastructure and Operations Maintenance: Familiarity with AOIM (Automation of IT Management) missions and ensuring the reliability of their hosting infrastructures.
• International Experience: Prior experience working in an international environment, including both military and civilian components, is a strong asset.