Deadline Date:
20 February 2025
Requirement Title: Support to Asset, Configuration, Patching, and Vulnerability (ACPV) Project in NATO Cyber Security Centre
Location of Performance: Braine L’Alleud, BELGIUM
Cost Not to Exceed:
44,730
Required Start Date: 7 April 2025
Background:
The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions, and their associated information exchange.
Introduction:
The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services.
The TRANSFORM Branch supports the missions of the NCSC by ensuring the delivery of coherent, holistic, effective and efficient Cyber Security services across the NATO Enterprise.
The Asset, Configuration, Patching and Vulnerability (ACPV) Project refers to the comprehensive management of technology assets to enhance NATO's cyber security posture.
ACPV is a broad concept. It is the first Enterprise-wide data service. It will host data from across the NATO Enterprise, building the platform on which cyber security professionals will analyse and manage vulnerabilities. The term "assets" refers to information systems or technology that contain, host or process NATO data. "Configuration" refers to the initial set-up of these assets, the way they are pieced together and remain secure. "Patching" then refers to repairing, upgrading or updating these systems. The correct configuration and patching of assets significantly improve cybersecurity and reduces vulnerability of the Alliance as a whole to cyberattacks.
Objective:
The main objective of the statement of work is to underline the Cyber Security needs of the NCSC and to look for support to ACPV Project.
This document outlines the services to be provided by the Supplier to NCI Agency Cyber Security Transform Branch for the implementation and management of the ACPV Project.
Moreover, it specifies the required skillset and experience.
The Contractor will have a support role, helping Project Managers and teams with both administrative and operational aspects of project management
Scope of Work:
The Cyber Security TRANSFORM Branch, in charge of managing a large scale of projects in its daily operations, is facing a heavy workload and a lack of personnel.
This situation is impacting all the Cyber Security services and numerous other projects. The aim of this SOW is to support NCSC with technical expertise specifically related to the ACPV with a deliverable based (completion-type) contract to be executed in 2025.
General ACPV Project Support Package:
The Supplier will:
- Develop and keep up to date the NATO Enterprise T2 data sources points of contact list
- Develop and keep up to date the REACH/NR laptops Database provided to contractors
- Develop and keep up to date the Database tracking the accounts delivered to contractors (type, validity, etc.)
- Develop and keep up to date the Database with contractor documentation for the NATO sites access
- Develop and keep up to date the Access list to the project portal ⮚ Develop and keep up to date the ACPV list of actions assigned to both the NCIA PMT as well as to the Contractor PMT members
- Provide logistical support for workshops and meetings.
- Use project management software (ServiceNow) and Agency official tools
- Perform project-related transactions in systems like ServiceNow and EBA
- Support the work of the Project Managers in all administrative tasks.
- Coordinate international teams and meetings
- Organized digital filing system for all project documents
- Travel itineraries and expense reports for project team members
- Procurement logs for project-related supplies and services
- Coordinate and submit Purchase Requisitions
The Service Provider will:
- Provide requested routine and planned documentation
- Provide ad-hoc project management documentation
- Maintain Service Line project-related portals such as work loading and work capacity metrics; reporting and planning; contact information; prioritization; project status.
The Service Provider will:
Support the team by routinely
- Weekly project status reports
- Custom reports generated from project management tools
- Regular stakeholder update reports
- Support the production and submission of exception reports
- Closely liaise with Cyber Service Line team and Admin Office to support preparation of defined reports
- Create and maintain all project related documentation (risk and issue management, dependencies, change management, scheduling, supplier management).
- Support with the budget tracking spreadsheets with variance analysis report.
- Resource utilization reports.
- Organized meeting agendas for various project-related meetings
- Detailed meeting minutes with action items clearly highlighted
- Follow-up reports on action items and decisions
- Compliance checklists ensuring adherence to cybersecurity standards and regulations
- Policy and procedure implementation packages
- Audit-ready documentation packages
Services under current SOW are to be delivered by ONE resource that must meet the following experience, qualities and qualifications:
Experience:
Relevant experience with Managing projects in Service Now
- Experienced in working with Cyber Security Projects
- Knowledge and experience with the practical support on implementation of ICT projects.
- Prior experience of working in an international environment comprising both military and civilian elements.
- Proactive attitude in seeking and maintaining trust from stakeholders and team. ∙ Proven ability to communicate effectively orally and in writing with good briefing skills.
- Analytical skills. Time management.
- Works productively in a pressurized environment.
- Focused on objectives and deliverable oriented
Strong stakeholder skills – can demonstrate evidence of developing and maintaining strong and effective relationships with internal and external stakeholders
- Flexible and adaptable; able to work in ambiguous situations.
- Proven ability to communicate effectively orally and in writing with good briefing skills.
- Proactive attitude in seeking and maintaining trust from stakeholders and team. ∙ Analytical skills
- Time management
- Works productively in a pressurized environment
- Focused on objectives
- Deliverable oriented
- Ability to work autonomously
- Strong reporting skills
- Vocational training at a higher administration level in a relevant discipline or 5 years equivalent combination of qualification and experience.
- Diploma of secondary education.