2023-0047 Specialized Consultants for NISC (NS) - FRI 16 Jun OFF-SITE

Deadline Date: Friday 16 June 2023

Requirement: Specialized Consultants for NISC

Location: OFF-SITE

NATO Grade: 130,000 EUR

Required Start Date: No Later Than 24 July 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

Annex A – Statement of Work

1 OVERALL PROJECT SCOPE

NISC has a requirement for subject matter experts (SME) to be embedded with a team of NCI Agency staff in support of the expanded ACT Scientific Programme of Work for 2023.

The consultant(s) will provide services off-site and regularly coordinate their efforts with the team using the Agile/Sprint procedures already established. This requires both face-to-face meetings and remote tele- or video-conferences. The size of the team will be proposed by the bidder.

The primary required work is focused on:

• Developing a business and technical architectures that support the implementation of Data Centric Security (DCS), particularly for DCS Maturity Level 1.
• Designing and documenting a common labelling approach in support of DCS Maturity Levels 1 and 2.
• Assessing processes and design mechanisms for assisted labelling of information.
• Assessing, validating and integrating DCS approach into NATO Enterprise and FMN architectures.
• Investigating the enhancement of cryptographic protection and recommending the future approach for achieving DCS Maturity Level 1.
• Facilitating the effective adoption and deployment of DCS towards its end-state via execution of coherence activities across the NATO Enterprise.

This expertise is required to supplement the current level of expertise within NISC so the consultants must be ready to quickly integrate with the current team and take up duties. The work required will be based on deliverables as defined below. A request for available staff has not been successful hence this request for consultancy support.

2 TASKS FOR ENGINEERING SERVICE

The following requirements have been identified to provide technical support for the ACT Programme of Work (POW) 2023.

2.1 Objectives

Consultants are requested to participate and provide expert support to NCI Agency in the execution of scientific activities advancing the following objectives.

1) Allied Command Transformation (ACT) POW:

i) Develop Enterprise level architectures supporting the successful conception of DCS to inform how it fits in NATO business functions and use cases.

ii) Support DCS Policy management and automation concept development, including use cases to motivate automation scenarios. This is critical for the success of DCS by reducing the burden on users and enabling a successful rollout of DCS across the NATO Enterprise.

iii) Coordinate DCS technical activities with Zero Trust Architecture (ZTA) and NATO Core Data Framework (NCDF) initiatives.

iv) Investigate metadata labelling and tagging in relevant use cases, such as multi-domain operations and DISG.

v) Include DCS in ongoing Federated Mission Networking (FMN) spiral specification development.

vi) Promote the DCS reference environment with NATO participants; mature DCS reference environment to support additional binding profiles; develop Record of Investigation (RoI) on crypto options for DCS.

2.2 Specific Expertise Required:

[See Requirements]

3 DELIVERABLES

All of the defined deliverables are briefings, reports, designs (proof of concept demonstrators) or specifications with a well-defined NCI Agency-specified format. The deliverables will be required by various dates between July 2023 and December 2023. All deliverables are to be peer reviewed within the deliverable cycle. Input and guidance will be provided by NCI Agency in written from or/and during the targeted review meetings.

The following activities are seen as necessary to achieve the objectives of the Programmes of Work for 2023:

i) Expert-level support for NATO ACT HQ and NCI Agency with the emerging Metadata Labelling Strategy and the Data Centric Security Strategy. The demonstration and testing of Data Centric Security (DCS) components.

ii) Expert level support for the modification, development and validation of Binding Profiles in support of DCS.

iii) Expert level support of NCI Agency to coordinate DCS labelling and binding mechanisms;

iv) Provide input to FMN DCS labelling activities;

The following specific deliverables are required:

For SPW019053:

a) A1: Participate in and provide input to the DCS Workshops [3Q23, 4Q23]

b) A2: Support Development of DCS Architectures [3Q23, 4Q23]

c) A3: Support the development of a record of investigation (RoI) on the DCS Maturity Level 1 enterprise architecture to outline approach to data labelling (4Q 2023)

d) A4: Coordinate approach to crypto key management [3Q23, 4Q23]

e) A5: Support DCS integration activities with Zero Trust Architecture (ZTA) and NATO Core Data Framework (NCDF). (3Q and 4Q 2023).

f) A6: Deliver recommendations on approaches for metadata labelling and tagging (4Q 2023).

g) A7: Support developing Federated Mission Networking (FMN) use cases, such as multi-domain operations (MDO) (4Q 2023)

h) A8: Document DCS crypto options (4Q 2023).

The expected classification level of the deliverables is NATO UNCLASSIFIED. However, in some particular circumstances it might be decided that a part of the deliverables will be classified as NATO RESTRICTED. The execution of duties may require the consultants to access information, as well as CIS systems, classified up to NATO SECRET.

In addition to the above-mentioned deliverables, the consultants are expected to co-author with the NCI Agency publications in international conferences and journals contributing to discoveries and advances made during the period of performance.

The consultants will be required to prepare documentation and make presentations to sponsors and stakeholders throughout the contract period. This may require the consultants to independently represent specific technical areas on behalf of NCI Agency without direct support of Agency staff.

The consultants will be required to provide technical support to the NCI Agency team on an ad hoc basis throughout the contract period.

4 PAYMENT SCHEDULE

This requirement is for the delivery of the products identified in Section 3. Payment will be provided based on these deliveries as indicated in the following table:

Deliverable 01: A1, A2, A4, A5, A8

Deliverable Due Date: 30 Oct 2023

Payment Milestone: November 2023

Value (% of total contract): 50%

Deliverable 02: A1, A2, A3, A4, A5, A6, A7, A8

Deliverable Due Date: 20 Dec 2023

Payment Milestone: December 2023

Value (% of total contract): 50% of the total cost

Invoices shall be accompanied with a Deliverable Acceptance Sheets (Annex B) and Monthly Progress Report (Annex C) signed by the project authority.

5 SECURITY CLEARANCE

The duties of the consultants require a valid NATO SECRET security clearance.

6 PERIOD OF PERFORMANCE

The services are to be provided for the period starting not later than 24 JUL 2023 through 31 December 2023.

7 TERMS

This is a Completion-type contract requires consultants with complementary skills to complete the work.

Services under this RFQ will be performed off-site at the consultant’s own office. Office space and computer equipment will be provided at NCI Agency-NL for access during scheduled visits for the duration of this contract; contractor is responsible for office space and computer equipment at their own facilities.

This Task Order may require scheduled travel. This travel will be billed to the purchaser by the service provider separately and is considered an addition to the overall cost of the bid. Travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.3 of AAS Framework Contract and within the limits of the NCIA Travel Directive.

Extraordinary travel (Purchaser Directed Travel) may be required to other NATO or non-NATO locations as necessary so agility must be maintained.

NATO will retain the intellectual property rights for all products developed in relation to this project.

Requirements

2.2 Specific Expertise Required:

The following expertise and knowledge is essential for this requirement:

• The duties of the consultants require a valid NATO SECRET security clearance.
• Expert knowledge of NATO’s Data Centric Security (DCS) vision and strategy, along with expert technical knowledge of enablers such as the NATO Metadata Binding Service and NATO End Point Labelling demonstrators;
• Detailed knowledge of Industry and NATO standards in the area of labelling, binding and marking;
• Expert knowledge of NATO Confidentiality Label Syntax specifications, profiles and emerging standards;
• Expert knowledge of NATO Metadata Binding Mechanism specifications, profiles and emerging standards;
• Expert knowledge of NATO Core Data Framework (NCDF) and related profiles and emerging standards;
• Detailed knowledge of FMN concepts;
• Detailed knowledge of methods and mechanisms to resolve security label translation/mapping between NATO and NATO national systems;
• Expertise in commercial security labelling products and object level protection solutions;
• In-depth familiarity with NATO organisational and political structures and relationships with NATO and Partner nations;
• Good understanding of cryptography;
• Ability to independently produce and edit technical documentation and scientific reports in English;
• Excellent communications skills;
• Good understanding of the project management methodologies, including PRINCE 2 and Agile/Scrum