Deadline Date:
04 March 2025
Requirement Title: Active Directory Security Support
Location of Performance:
100% onsite in Braine L’Alleud, Belgium
Cost Not to Exceed:
NTE € 118,260
Required Start Date:
14 April 2025
Required Security Clearance:
NATO SECRET
Purpose:
The objective of this statement of work (SoW) is to outline the scope of work and deliverables for the remediation of vulnerabilities identified by the Active Directory Clean-up Tool, to be conducted on site by the selected company.
The purpose of the work package is to provide support to the NATO Infrastructure Services Centre (NISC) to fulfil identified Active Directory Clean-up Tool vulnerability remediation activities more effectively.
Background:
The Office of the CIO (OCIO) Enterprise Cyber Security Posture Improvement project focuses on the acquisition and implementation of state-of-the-art tools to enhance Enterprise-wide cybersecurity capabilities considering the key cybersecurity functions.
The NCI Agency initiated a project and procured an Active Directory Clean-up Tool (Tenable Identity Exposure) that provides identity unification and risk scoring and real-time attack detection, continually assesses directory services security in real time, eliminates attack paths that lead to domain domination, and investigates and informs.
To support NISC for the execution of tasks identified in the subject work package of the project, the NCI Agency is looking for subject matter expertise in the delivery of complex, foundational and novel Cybersecurity capability.
This contract is to provide consistent support on a deliverable-based (completion-type) contract, to NISC contributing to its POW based on the deliverables that are described in the scope of work below.
Scope of Work:
The objective of this Statement of Work (SOW) is to provide an on-site Active Directory security support service for NATO CIS, consisting of operating and managing multiple Tenable Identity Exposure installations, monitoring the Active Directories’ security posture, developing and using automation mechanisms (scripts), investigating security events, developing mitigation measures, and supporting the remediation of Active Directory-related security findings.
For the provision of consistent support and the execution of the task, NCIA will get subject matter expertise from the industry with a service (deliverable based/completion type) based AAS framework contract in the delivery of requested capability.
Vulnerability remediation is a crucial aspect of addressing the security issues of an Active Directory infrastructure identified through a security auditing function. It involves a systematic process of assessing, prioritizing, and mitigating security vulnerabilities within the Active Directory environment.
Remediation actions are taken to address identified vulnerabilities and reduce the risk of exploitation. This may involve applying security patches released by vendors, reconfiguring systems to address misconfigurations, updating security policies and procedures, enhancing network segmentation, or implementing additional security measures such as intrusion detection systems or endpoint protection solutions. After remediation actions are implemented, the effectiveness of the remediation efforts is validated through testing and monitoring.
This SOW covers 3 (three) Tenable Identity installations that monitor and protect multiple Active Directory forests and directories; the required activities are described below and detailed in Annex C.
These activities will be performed under the direction/guidance of the NISC Point of Contact; the contractor will be part of the NISC Team.
Active Directory security operations:
- Operate the Tenable Identity installations, in coordination with the Continuous Vulnerability Assessment and Identity and Access Management teams,
- Monitor the Tenable Identity Exposure-generated events, detect and support remediation of Active Directory incorrect permissions/roles/groups’ configurations,
- Report the identified CIS security incidents following the NCIA procedure, and support the security investigations,
- Create monthly AD security compliance reports, including the numbers of active, inactive and disabled users and service accounts,
- Support the installation/configuration, and upgrade the Tenable Identity Exposure installations in scope of this SOW, following the NCIA change management process and using NCSC security configurations to ensure compliance of the managed networks with NATO Security Directives,
- Support the development of mitigation and remediation plans, following the identification and assessment of cybersecurity risks for Active Directories in scope,
- Assist with complex remediation activities for the NATO CIS in scope of this SoW; conduct remediation activities in collaboration with the NCIA Service Delivery Managers,
- Ensure adequate level of systems/data protection is implemented for NISC managed CIS in accordance with NATO Security policies and directives,
- Perform all operation, support and maintenance activities described in Annex C,
- Log and track Service and Change requests using the enterprise ticketing system (ITSM),
- Ensure all tickets are updated with accurate and detailed information and resolved within the agreed service levels.
- Escalate complex issues to appropriate teams when necessary,
- Follow up on escalated issues to ensure timely resolution and user satisfaction.
- Contribute to the creation and maintenance of a knowledge base, documenting common issues and solutions,
- Share knowledge and best practices with team members to improve overall service quality.
- Monitor support metrics and KPIs to ensure high-quality service delivery,
- Participate in regular reviews to identify areas for improvement and implement corrective actions.
- Develop and implement automation scripts to streamline routine support tasks such as software installations, updates, system and software checks and notifications,
- Utilize automation to create workflows for repetitive tasks, improve service efficiency and proactively implement solutions.
- Communicate effectively with internal user community to understand their issues and provide clear instructions,
- Collaborate with IT teams to resolve issues and improve service delivery.
Acceptance Criteria
- Quality of work reached NATO standards,
- Tasks are completed within the assigned time,
- Performances are as defined by the line manager.
Rejection Criteria
- Quality of work is low,
- Tasks are not completed within the assigned time,
- Performances are not as defined by the line manager.
- A replacement will be requested if the contractor cannot fulfil the tasks as explained in rejection criteria.
- Payment will not be made if the sprint is not completed.
Required Profile:
Technical Proficiency:
The support for this work requires the following technical proficiencies:
- Microsoft Active Directory and PowerShell expert knowledge,
- Experience with security configurations for Active Directory-based enterprise networks,
- Knowledge of and experience with Tenable Identity Exposure,
- CIS Security Assessments (SA) remediation.
- Strong troubleshooting skills to diagnose and resolve hardware, software, and network issues,
- Ability to guide users through problem-solving steps effectively.
- Proficiency in automation to create workflows and automate repetitive processes,
- Ability to identify and implement automation opportunities to enhance efficiency.
- Excellent verbal and written communication skills,
- Full proficiency in English,
- Ability to communicate technical information to non-technical users in a clear and concise manner.
- Strong customer service focus with a commitment to user satisfaction,
- Patience and empathy when dealing with user issues and concerns.
- Ability to manage multiple support tickets and prioritize tasks effectively,
- Attention to detail in documenting support activities and maintaining accurate records.
- Ability to work effectively as part of a team and share knowledge and resources,
- Willingness to collaborate with colleagues to solve complex issues.
- The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure,
- The candidate must have the nationality of one of the NATO nations.
The candidate should also ideally have knowledge and experience in the following areas:
- Experience in working with NATO,
- Experience working with NATO Communications and Information Agency,
- Experience working with national Defence or Government entities.