Deadline Date:
Friday 14 February 2025
Requirement:
Cyber Security and Guard Support
Location:
Mons, BELGIUM
Full-Time On-Site:
Yes
Not to Exceed:
91,800 EUR (34 sprints at 2700 EUR/sprint NTE)
Required Start Date:
As soon as possible but not later than 31st March 2025
Required Security Clearance:
NATO SECRET
Background:
The NCIA has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
Introduction:
The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services.
In order to execute this work, the NCIA is seeking additional manpower through contracted resources to support the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and cyberspace operations.
The Gateway Security Services (GSS) Section facilitates and accounts for all lifecycle aspects of Boundary Protection Components deployed within and on the edge of NATO networks in order to protect key NATO information while allowing NATO staff to work securely and process their information.
NCIA is looking for subject matter expertise for the delivery of this complex and critical cybersecurity capability.
This contract is to provide consistent support on a deliverable-based contract to NCSC based on the deliverables that are described in the scope of work below.
Purpose:
The Cyber Security SECURE Branch delivers a wide suite of enabling services in specific areas of Technical Services and CIS protection.
Gateway Security Services operate (amongst others) various technologies such as data diodes, secure mail gateways and guard components support the secure cross-domain data exchange.
This Statement of Work (SOW) outlines the services to be provided by the Supplier to NCIA Cyber Security Centre Secure Branch to fulfil identified CYBER SECURITY AND GUARD Support more effectively.
Scope Of Work:
The main objective of the statement of work is to underline the Cyber Security needs of the NCSC and to look for support to Gateway Security Services, the ‘Level 3 Cyber Security and Guard that should be manned by the service supplier on a daily basis to ensure service objectives are met continuously.
The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of CYBER SECURITY AND GUARD Support with a deliverable based (completion-type) contract to be executed in 2025.
The service provider will be required to deliver a daily activities schedule, orchestrate NCIA processes as well as represent NCSC business unit on an Enterprise Level where required. Tasks performed by a contractor include:
- Build, implement, maintain, and support systems within existing cross-domain gateways (System Administration).
- Configure, maintain, review and update configuration settings and policies on guard components and data diodes (System Configuration)
Central system administration of Guards and Data Diodes to ensure continuing functionality and availability:
- Hardware and software systems installation and configuration
- User and access management
- Back up and restore systems data
- Monitor system performance and availability
- Log forwarding towards archiving and/or forensic systems
- Analyze, troubleshoot and resolve application issues
- Development of automation scripts to meet day to day system administration tasks
- Implementation and verification of guards and data diode configuration to meet customer cross-domain data exchange requirements
- Adaptation of release markings
- Adaptation of email attachment types
- Configuration of additional cross-domain flows
- Back up and restore configuration data
- Monitor patch releases
- Test new software and patches
- Support A2SL process for approval of software updates
- Installation and configuration of software and patch updates
- Development of SOPs and other documentation for repetitive activities
- Produce and maintain comprehensive documentation for all implemented systems
- Review and update security documentation
- Education/training/familiarization of other teams
- Technical support in troubleshooting infrastructure and operational issues
- Collaborate with other teams for a successful resolution;
- Provide technical support and guidance by answering end-user requests to identify issues in secure cross-domain data exchange
Central configuration of Guards and Data Diodes:
The purpose of daily Central administration and configuration of Guards and Data Diodes is to ensure continuing functionality and availability of those critical systems in order to support a wide range of end-user facing services.
The Service Provider will:
- Support the team by routinely reviewing the tickets queue to ensure 4 hours response time for normal events and 1 hour response time for high/critical events
- Provide multi-channel support (phone, email, internal chat)
- Develop and maintain a repository of scrips to automate recurring systems administration activities.
- Ensure correct logging and log forwarding configurations to support availability of system events in central log database.
- Provide pro-active system administration and maintenance to prevent system failures
- Escalate critical events to appropriate channels within 4 hours
Preparation: Review of incoming administration tickets/requests, initial assessment, categorization and preparation for implementation. Monitor system counters, log files and other usage information to pro-actively identify bottlenecks, upcoming problems. Identify routing tasks that can be automated.
Implementation: Following established processes, perform admin actions to mitigate identified system issues.
Results: Output: Updated administration information and system backup; no more pending tickets in ITSM toolset
Recurrence: Daily (Monday – Friday)
Activity and availability KPIs shall be recorded and visible for review by SEC011 SDM and/or Operations Manager.
Central configuration of Guards and Data Diodes:
The Service Provider will:
- Support the team by routinely reviewing the tickets queue to ensure 4 hours response time for normal events and 1 hour response time for high/critical events
- Provide multi-channel support (phone, email, internal chat)
- Update the configuration of cross-domain security guards or data-diodes based on changing requirements.
- Ensure a working backup/restoration procedure of configuration settings has been tested, implemented and documented.
The Service Provider will:
- Raise required documentation to initiate the software approval process
- Update production systems to the latest approved software version
Preparation: Review of installed software/patch/application versions. Monitor provider portals for availability of updates.
Execution: Output: SEC011 SDM/Operations Manager should be informed of all actions under preparation; timelines for patching briefed in weekly team meeting; CRQ communicated to NCSC Change Management stuff
Results: CRQ submitted, Update/patch windows planned and approved, systems patched
Recurrence: Preparation: Daily (Monday – Friday); Execution and Results: Upon availability of patches/updates / once a week (Friday)
Documentation of Guards and Data Diode systems:
The Service Provider will:
- Document setup, configuration, installation specifics into the GSS documentation repository
- Attend internal meetings within GSS team to provide hands-on demonstration and familiarization of cross-domain gateway systems
Execution: Presentation of updated documentation to GSS Team Lead
Results: Output: Documentation uploaded to SEC011 repositories
Recurrence: Once a week (Thursday)
Notes/documentation to be signed off by NCSC SEC011 SDM.
Support of Guards and Data Diodes:
The Service Provider will:
- Provide support to NATO staff users and collaborate with other admin staff to resolve tickets related to cross-domain data transfer
- Create entries on issues activities
Preparation: Review of all the tickets (INC, WO/SR. CRQ)
Execution: Meetings (in person, online) with GSS team and other peers; communication with end-users (if needed)
Results: Output: Update on related issues during the previous reporting period
Recurrence: Once a week (Friday)
Service Level Agreements (SLAs):
The following SLAs will apply:
Average speed of answer: 30 minutes-4hours
Service provider is expected to provide service every day during normal business hours 08:30-17:30.
Client Responsibilities:
The Client will:
Provide necessary access to systems and information required for all services
Tools and equipment (laptop) will be provided for remote service provisioning. Access to the following tools that are used to execute daily tasks will be provided: BMC remedy (NCIA Enterprise); Visio; MS Office Suite; SharePoint;
Designate primary points of contact for escalations and decision-making
Early Definition: Establish criteria at the beginning of the project or sprint; Refine criteria as needed throughout the development process
Prioritization: Identify must-have criteria vs. nice-to-have features; Align prioritization with project / service goals and constraints
Consider Edge Cases: Include criteria for handling unexpected inputs or scenarios; Address potential failure modes and error handling
Coordination and Reporting:
The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, via electronic means using Conference Call capabilities, according to the Operation Managers / Team Leaders instructions.
Due to the AGILE approach of this project, there is a need to define a set of specific arrangements between the NCIA and the contractor that specifically defines the deliverables to be provided for each sprint as well as their associated acceptance criteria. This includes sprint planning, execution and review processes, which are detailed below:
Acceptance Criteria:
Quality of work reached NATO standards
Tasks are completed within the assigned time
Performances are as defined by the line manager
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the work held and the development achievements during the sprint.
The services will be deemed accepted when:
- All specified SLAs are met
- All deliverables have been provided as outlined in Section 5
- Tickets/requests are continuously monitored
- Issues are continuously monitored
- Recurring meetings and cross-teams collaboration are manned at all times
- All of the meetings information and actions are captured within NCSC SEC011 repositories
- The Written Reports contain no spelling or grammatical errors, all data sources are properly cited, the document follows the provided template, including font styles and sizes, all charts and graphs are clearly labelled and include a brief explanatory caption
Rejection Criteria:
Quality of work is low
Tasks are not completed within the assigned time
Performances are not as defined by the line manager
The client may reject deliverables if they do not meet the specified acceptance criteria or if they contain critical errors.
A rejected deliverable must be corrected and resubmitted within 1 (one) business day.
- A replacement will be requested if the contractor cannot fulfil the tasks as explained in rejection criteria.
- Payment will not be done if the sprint is not completed.