Requirement: NIAPC Content Management
Location: Braine l'Alleud, BELGIUM
Cost Not to Exceed: 2026 BASE: NTE 31,095 EUR
Period of Performance: 2026 BASE: As soon as possible but not later than 3 August 2026 - 23 December 2026, with possibility to exercise the following options:
- 2027 Option: 2 January 2027 - 23 December 2027;
- 2028 Option: 2 January 2028 - 23 December 2028
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Introduction:
- NCIA has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defense functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
- The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC's role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the center executes a portfolio of programs and projects around 219 MEUR per year, in order to uplift and enhance critical cyber security services. The Portfolio ranges from Program of Work (POW) activities funded via the NATO Military Budget (MB) to Critical/Urgent Requirements (CURs/URs) and NATO Security Investment Program (NSIP) projects funded via the Investment Budget (IB). In some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span multiple years and are governed by various frameworks, including the Common Funded Capability Development Governance Framework (CFCDGM).
- The NATO Information Assurance Product Catalogue (NIAPC) is an authoritative catalogue mandated under AC/322 directives and delivered as a funded service under NCSC INFORM SEC036. The NIAPC was developed initially under directive AC/322-D(2010)0042 (22 Sep 2010) later on superseded by AC/322-D(2019)0041 REV1 - Technical and Implementation Directive on Introducing Secure Systems and Solutions (Appendix B / NIAPC).
- The catalogue provides a single point of reference for the initial selection of security enforcing products. Its effectiveness is further extended by the inclusion of lists of common specifications, in the form of protection profiles, as used in Common Criteria certification (both Protection Profiles (PPs) and collaborative protection profiles (cPPs)) together with their associated supporting documents as described in Appendix A of this Directive.
- The catalogue may also contain national requirements (such as national specifications, national Requirement Profiles for Product Types, etc.) by an NCSA, provided these are relevant for the evaluation and approval of a product, hereinafter referred to as "Requirement Profiles". These Requirement Profiles do not necessarily need to be CC compliant, but according to an assessment of the responsible NCSA, they should be essential and eligible for a listing in the NIAPC together with an approved product.
- Since emission security and cryptographic security can form all or parts of the security features of a product, certified TEMPEST vendors, and approved Cryptographic Products and Mechanisms, are also listed in the catalogue.
- The system is Internet facing, accessible publicly and can be found at https://www.ia.nato.int/niapc
- This Statement of Work defines outcome-based services to ensure controlled intake, catalogue accuracy, transparency of processing, and sustained service performance in compliance with Service-Based Contract NCIA/FC/2025/03519 directive.
The Contractor shall deliver NIAPC service flavor outcomes, including controlled request intake, execution of approved workflows, maintenance of catalogue accuracy, and delivery of service reporting. The Contractor retains full responsibility for how capacity is organized to achieve these outcomes. This contract does not constitute staff augmentation.
Skills
It is up to the bidding company to propose and size the team that will be working to fulfilling these deliverables. Nevertheless, NCIA NCSC considers the skills below are essential to deliver the service.
[See Requirements]
Requirements:
- 5 years' experience of execution and governance of workflow-based service requests.
- 3 years' experience in catalogue and content lifecycle management in regulated or public-sector environments.
- 3 years' experience in management of multi-stakeholder approval workflows (NATO entities, Nations, vendors).
- 3 years' experience in maintenance of traceability, accuracy, and auditability of service outputs.
- Demonstrated experience in production of service performance reports, including KPI and trend analysis.
- Demonstrated experience in the use of service management and collaboration tools (e.g., Jira, Confluence) to evidence delivery.
- Strong written professional communication skills suitable for policy-driven and politically sensitive contexts.
- Required Security Clearance: NATO SECRET clearance must be held at the start of the contract.
