2025-0040 Cyberspace CPP 9A3201 Support (NS) REMOTE - 4 Mar

Deadline Date:  Tuesday 4 March 2025
 
Requirement:   Cyberspace CPP 9A3201 Support
 
Location:  OFFSITE
 
Not to Exceed:  NTE 39,105 EUR
 
Required Start Date:  01 April 2025 
 
Required Security Clearance:  NATO SECRET
 
Purpose:
The objective of this statement of work (SoW) is to outline the scope of work and deliverables in support of the ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project and Refresh and Maintain Obsolete Equipment (OBSO) project. These projects are two of the six in-flight Cyberspace CPP 9A3201 projects, and all products produced under this SoW must align with the interfaces and interdependencies with all NATO & National projects and systems.
The purpose of the work is to provide additional technical and product-creation support to NATO Cyber Security Centre (NCSC) to fulfil the identified activities (see ‘Scope of Work’, Section 3, below) that contribute towards this project.
 
Background:
This contract is to provide consistent support on a deliverable-based (completion-type) contract. It will provide contributions towards the NCSC project team as it develops its IFB Package. The specific work is based on the deliverables that are described in the ‘Scope of Work’ section, below.
CPP 9A3201 consists of six projects that aim to addressing critical CIS security services uplifts; implement the necessary enhancements which remain after approval of CP090120; and provide capability lifecycle support for existing and programmed CIS security services-related capabilities.
One of the six projects is the ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project. Its aim is to provide maintenance of the current CIS security posture, by addressing critical CIS security services uplifts and enhancements, which remain after approval of CP120. It also addresses non-overlapping scope related to the Uplift to Security Information and Event Management (SIEM)/Log Storage, post-Intrusion Detection and Threat Hunting systems, as well seeking to provide a Cyber Threat Intelligence (CTI) capability.
CTI is a clearly-defined part of the authorised ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project, with secured funding and an authorised Schedule for project implementation. Its next project milestone is the Release of an Invitation for Bids (IFB), and much of the foundation work for this ‘project’ is in place; however, the materials now need to be developed and coordinated as it moves towards its scheduled IFB Release Milestone. As with all of the CPP 9A3201 projects, this ‘project’ is following the ‘performance-based’ methodology, with artefacts, documents and deliverables all adhering to the principles of this model. The ‘Scope of Work’ outlined directly below aims to directly address and accomplish this.
The Refresh and Maintain Obsolete Equipment for Cyber Capabilities (OBSO) project is one of the projects defined in the CPP 9A3201 Cyberspace. This project is focused on maintaining the current CIS security posture by addressing critical CIS security services uplifts and enhancements. The Cyberspace Programme aims to mitigate NATO enterprise security posture degradation due to planned and unplanned hardware/software obsolescence and to improve NATO enterprise security posture by adopting refreshed technologies and expertise.
OBSO is a clearly defined project within CPP 9A3201 with secured funding, an authorized schedule, and well-described scope. The next milestone for the OBSO project is the IFB Release, with only some preliminary work completed towards planning or drafting of this document.
 
Scope of Work:
The aim of this SOW is to support NCSC with technical expertise specifically related to the development of the ‘Performance Work Statement’ and associated materials that need to be developed for the ‘Invitation For Bid(s)’ package for the Cyber Threat Intelligence (CTI) capability (that is part of the ‘Enhance and Sustain CIS Security Monitoring CPP Scope’ project) and Refresh and Maintain Obsolete Equipment (OBSO) project. The specific documents and materials to be delivered are listed below in Section 4.
Under the direction / guidance of the NCSC Project Manager(s) and Project Technical Coordinator, the appointment will be the part of the NCSC Team supporting the following activities:

• The maturation of the Cyber Threat Intelligence (CTI) ‘project’ ‘Building Blocks’ that the project team has developed (including ‘High Level Objectives’; ‘Tasks’; ‘User Stories’; ‘Risks’) into a coherent Performance Work Statement that is accessible to potential bidders and fully mature.
• Involvement with workshops and collaborative sessions that enable the aforementioned Performance Work Statement to connect with other associated artefacts, such as the Quality Assurance Surveillance Plan and the ‘Landscape Document’. Some active contribution to the content might be expected.
• Prepare the IFB materials for the Refresh and Maintain Obsolete Equipment (OBSO) project. The task involves, but is not limited to, a) updating the list of obsolete cybersecurity devices for replacement as an Annex to the IFB; b) drafting a bill of materials (BoM) with associated price estimation and prioritization of these devices; c) producing a matrix of interfaces and interdependencies with other NATO and National projects and systems; d) collaborating with the NCSC Cyber Security Services Framework (CSSF) team to produce a draft Task Order (TO); and e) Preparing draft technical specifications supporting the IFB.
• Liaison with project stakeholders on behalf of the project to garner information required to mature the artefacts.
• The measurement of execution/completion of this work will be:
  • Frequent and regular meetings and reporting points, both formal and informal, between the Contractor and the NCSC Project Manager(s) and/or Project Technical Coordinator to ensure consistent progress and agreement of expectations between all parties;
  • Sign off by the NCSC Project Manager(s) and Project Technical Coordinator of high-calibre artefacts and products;
  • Ultimately, the delivery by the Contractor of matured and completed artefacts, which fulfil the IFB checklist criteria as per NATO standards and policies, that are ready to be packaged for the IFB Release.

• Bachelor's degree in Computer Science, Information Technology, or related field, or equivalent experience.
• Cyber Security and Cyberspace Background related to both the protection of military networks and securing operations and missions.
• CISSP experience and certification.
• Strong analytical and problem-solving skills.
• Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
• Familiarity with the CFCDGM governance model and capability development lifecycle.
• Familiarity with the range of NATO Stakeholders.
• Practical working experience within the Cyber domain with 2-4 years of experience working within Cybersecurity topics.
• Familiarity with Defence / NATO Procurement processes.
• Familiarity with high-quality public-facing Documentation Production.
• Prior knowledge of NATO IFB related work is helpful but not essential.
• Experience of working with classified material.

• Experience of working with NATO and awareness of the NATO Command Structure;
• Experience of working with NATO Communications and Information Agency;
• Experience and familiarity with NATO networks and cybersecurity;
• Experience of working with national Defence or Government entities.