2025-0313 ACPV Data Analysis, Discover and Onboarding Supp. (NS) BELGIUM - 5 Dec

Please do  NOT  apply for any NATO contract positions unless you meet ALL the following criteria:

Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.

Background:

The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.

Introduction:

• The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC's role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the NCSC executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services.
• The TRANSFORM Branch supports the missions of the NCSC by ensuring the delivery of coherent, holistic, effective and efficient Cyber Security services across the NATO Enterprise.
• The Enterprise Asset, Configuration, Patching and Vulnerability (E-ACPV) Project refers to the comprehensive management of technology assets to enhance NATO's cyber security posture.
• ACPV is a broad concept. It is the first Enterprise-wide data service. It will host data from across the NATO Enterprise, building the platform on which cyber security professionals will analyse and manage vulnerabilities. The term "assets" refers to information systems or technology that contain, host or process NATO data. "Configuration" refers to the initial set-up of these assets, the way they are pieced together and remain secure. "Patching" then refers to repairing, upgrading or updating these systems. The correct configuration and patching of assets significantly improve cybersecurity and reduces vulnerability of the Alliance as a whole to cyberattacks.

Purpose:

• The objective of this Statement of Work (SoW) is to outline the scope of work and deliverables for the ACPV Data Analysis, Data Source Discover and Data Source Onboarding Support for NCSC.
• The purpose of the work package is to provide support to NCSC to fulfil identified ACPV Discover, Onboarding and Analysis activities more effectively, as well as documentation activities related to the ACPV implementation and service.

Scope of Work:
The aim of this SOW is, under the direction / guidance of the NCSC Point of Contact, to support NCSC with technical expertise specifically related to ACPV - both project implementation activities and delivery of the service after implementation completion, with a deliverable based (completion-type) contract to be executed in 2026 and 2027.
Service performed by the Contractor will be focused on the following activities:

• Analysis of data sources related to assets, configurations, and vulnerabilities. (Weekly)
• Validation of onboarded data sources. (Weekly)
• Leading technical discussions on data sources, correlation, SOP. (Weekly)
• Preparation and presentation of technical findings, provision of recommendations, and documentation of results. (Weekly)
• Support data source discovery, data source onboarding, and data lifecycle processes in the context of ACPV. (Weekly)
• Review ACPV service for depth, compliance, and vulnerability exposure. (Weekly)
• Representation of NCIA to stakeholders, delivering presentations and recommendations. (Weekly)
• Documentation of ACPV processes. (Weekly)

Analysis of data sources related to assets, configurations, and vulnerabilities:

• Deliverables expected from the Contractor are outputs from a comprehensive examination of  various data repositories to identify critical information concerning the organization's assets, their  configurations, and any potential vulnerabilities. The process begins with the identification and cataloguing of relevant data sources that contain information about the network and information systems. This involves extracting pertinent data to build a comprehensive understanding of asset configurations and vulnerabilities. The analysis focuses on assessing vulnerabilities, identifying security gaps, and reviewing asset configurations to ensure compliance with established security standards. By synthesizing these findings, the task aims to provide actionable insights and recommendations for enhancing the security posture of the organization.
• Through this analysis, the organization seeks to gain a deeper understanding of its assets and configurations, ultimately identifying potential security risks and areas for improvement. The task culminates in the preparation of detailed reports that summarize the analysis results, highlight key vulnerabilities, and suggest mitigation strategies.
• These reports serve as a foundation for decision-making, enabling the organization to proactively address vulnerabilities and strengthen its network and information system security framework. By undertaking this task, the organization demonstrates its commitment to maintaining a robust security posture, ensuring the protection of its critical assets and information systems.

Validation of onboarded data sources:

• Deliverables expected from the Contractor are outputs from thorough examination and confirmation of the reliability and accuracy of data sources that have been integrated into the organization's systems. This process ensures that the data sources meet predefined criteria and standards for quality, relevance, and security. The validation task includes assessing the data's integrity, completeness, and consistency, as well as verifying the source's authenticity and compliance with organizational policies and industry regulations.
• The objective of this task is to guarantee that the data sources provide dependable and actionable insights for decision-making processes. The approach involves collaborating with technical teams and stakeholders to review documentation, conduct technical evaluations, and perform data analysis. This task may also include identifying potential vulnerabilities and recommending corrective actions to enhance data security and usability. Regular validation exercises are crucial to maintaining the organization's data ecosystem's robustness and ensuring that it supports strategic objectives effectively.

Leading technical discussions on data sources, correlation, SOP:

• Deliverables expected from the Contractor are outputs from orchestrating and guiding conversations among internal and external stakeholders to address technical aspects related to data management and utilization. This includes discussions on the selection, integration, and optimization of data sources, as well as the methodologies for correlating data to derive meaningful insights. The task requires expertise in both technical and strategic dimensions, ensuring that all parties have a clear understanding of the processes, challenges, and solutions associated with data handling.
• The objective is to foster a collaborative environment where technical complexities are dissected and resolved, and where SOPs are reviewed and refined to enhance operational efficiency. The approach involves setting agendas, facilitating discussions, and synthesizing diverse viewpoints to develop actionable strategies. Leading these discussions ensures alignment between technical capabilities and organizational goals, promoting effective data exploitation and adherence to best practices. Regular engagements and follow-ups are essential to maintain momentum and drive continuous improvement in data management processes.

Preparation and presentation of technical findings, provision of recommendations, and documentation of results:

• Deliverables expected from the Contractor are outputs from compiling and analysing data-driven insights and translating them into comprehensive technical reports. This task requires the synthesis of complex information into clear, actionable findings that are easily understood by both technical and non-technical stakeholders. The preparation phase includes data analysis, identification of key trends, and evaluation of technical performance, which is then structured into a coherent presentation format.
• The objective is to effectively communicate technical findings and recommendations to inform decision-making and drive strategic initiatives. The approach includes creating detailed documentation that captures the methodology, results, and implications of the analysis. Presentations are tailored to the audience, emphasizing clarity and relevance, while recommendations are aligned with organizational goals and operational realities. The documentation serves as a valuable resource for future reference, ensuring that insights are preserved and can guide ongoing and future projects. Regular updates and feedback loops are integral to refining the process and enhancing the impact of the findings.

Support data source discovery, data source onboarding, and data lifecycle processes in the context of ACPV

• Deliverables expected from the Contractor are outputs from assisting in the identification and integration of new data sources into the ACPV (Assumed Contextual Project or Program Value) framework. This includes evaluating potential data sources for their applicability, reliability, and alignment with project objectives. The task also encompasses the onboarding process, ensuring that new data sources are seamlessly integrated into existing systems and processes, while adhering to organizational standards and protocols.
• The objective is to enhance the ACPV's data ecosystem by expanding and optimizing the range of data sources available, thereby improving the quality and scope of data-driven insights. The approach involves close collaboration with technical teams to streamline the onboarding process, ensuring that all necessary security, compliance, and operational checks are conducted. Additionally, supporting the data lifecycle processes involves ongoing monitoring, maintenance, and optimization of data sources to ensure their continued relevance and effectiveness. This task is crucial for maintaining a dynamic and robust data environment that supports the project's evolving needs.

Review ACPV service for depth, compliance, and vulnerability exposure:

• Deliverables expected from the Contractor are outputs from comprehensive evaluation of the ACPV service to ensure it meets the necessary technical and security standards. This process requires a detailed examination of the service's architecture, configurations, and operational procedures to verify that they align with the established compliance requirements. The review will assess the depth of IT services provided, ensuring they are robust and comprehensive enough to support the organization's needs. This includes analysing the service's documentation, Standard Operating Procedures (SOPs), and technical reports to identify any discrepancies or areas for improvement.
• Additionally, the task involves identifying potential vulnerabilities within the ACPV service that could pose security risks to the organization. This includes scrutinizing the interconnection points between networks and information systems, as well as evaluating the effectiveness of existing security measures. The goal is to uncover any weaknesses that could be exploited by malicious actors and to provide recommendations for mitigating these risks. By conducting this thorough review, the organization can ensure that the ACPV service operates securely and efficiently, maintaining compliance with internal and external standards

Practical Arrangements:
 
This is a deliverables-based contract.
Place of Performance:

• The NCSC ACPV Team is located in The Hague (TH), Netherlands, and Braine L'Alleud (BLA), Belgium.
• The Contractor will be required to provide the service 100% on-site at NCIA BLA.
• The location of performance might change to Mons or Brussels. This location change will not have an impact on the awarded price.
• Exceptional Teleworking activities to support service delivery can also be arranged with the Point of Contact's coordination and approval.

Hours of Operation:

• The service will be conducted during normal office hours following the NCIA Braine L'Alleud calendar - Monday to Thursday from 08h30 until 17h30 and Friday from 08h30 until 15h30.

NCIA Furnished Property and Services:

• NCI Agency will provide one NATO RESTRICTED REACH laptop to the Contractor during the execution of the Contract.
• The Contractor shall return this laptop back to NCI Agency after completion of the Contract.

The Purchaser will provide the Contractor with the following Purchaser-Furnished Equipment (PFE):

• Access to NATO sites, as required, for the purpose of executing this SOW.
• Workspace (needed business IT for both on- and off-site service, hot-desk at NCSC facility).
• NCIA "REACH" laptop to be used by the Contractor for the execution of the contract.

Travel:

• The Contractor may be required to travel to other NCI Agency or NATO locations for completing these tasks.
• Travel expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive. The Contractor, in accordance with the terms and conditions of the framework agreement, will invoice them separately to the purchaser. These additional travel costs are considered an extra charge to the overall bid price.

Other:
The services under this SOW must be accomplished by ONE Contractor for the entire performance period.
 
Requirements:
Required Profile:
For the execution of this contract, the following qualifications are required:

• Nationally recognized/certified engineering university/college qualification with preferably Master of Science degree;
• Valid security clearance at minimum NATO SECRET level;
• Good knowledge of MS Office, with a minimum of 2 years of experience.
• Prior experience with data visualisation tools (e.g. Power BI, Tableau, Grafana) and the Ability to analyse and interpret structured and unstructured data.
• Knowledge of cybersecurity fundamentals, risk analysis, threat modelling and secure data handling, and Cyber Security tools e.g. vulnerability assessment, forensic analysis, log aggregation and correlation.
• Data sensitivity awareness. Understanding of handling classified or mission-critical information.
• Knowledge of multi-vendor switching, routing and security technology with proven technical experience with in depth understanding of communication protocols (mainly TCP/IP stack and technology behind of each element in the stack), network and security technologies.
• Knowledge of NATO Accreditation process and document set required for Accreditation and potential presentation to NSAB.
• Ability to plan and execute assigned project tasks taking into account policies, programme goals, and priorities, funding and other planning constraints.
• Ability to work on their own and as part of a team.
• Motivated, good communication skills, team player.
• Good communication skills (speaking, reading, writing, listening) in English;
• At least 3 years in support of a Cyber Security environment.
• Prior experience of working in an international environment, including both military and civilian elements, for a minimum of 1 year (preferred).
• Knowledge/understanding of NATO responsibilities and organisation.
• Knowledge of NATO Communication and Information Systems Infrastructure (preferred).