2024-0070 Specialized Consultants for NATO ISC (NS) - MON 19 Feb

Deadline Date:  Monday 19 February 2024

Requirement: Specialized Consultants for NATO Infrastructure Services Centre

Location:OFF-SITE 

Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)". Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs

Required Start Date: 19 March 2024

End Contract Date: 31 December 2024

Required Security Clearance: NATO SECRET

1 OVERALL PROJECT SCOPE

NATO INFRASTRUCTURE SERVICES CENTRE (NISC) has a requirement for subject matter experts (SME) to be embedded with a team of NCI Agency staff in support of the Scientific Programme of Work for 2024.

The consultant(s) will work off-site and regularly coordinate their efforts with the team using the Agile/Sprint procedures already established. This requires both face to face meetings and remote tele- or video-conferences.

The primary required work is focused on:

- The development and validation of NATO Enterprise Core Services requirements, architectural products and technical specifications;

- Developing and supporting Alliance and Coalition Federation information sharing concepts, services and specifications;

- Technical input and validation of Data Centric Security (DCS) and metadata labelling strategies for the Alliance Federation;

- Leading on implementation of DCS concepts;

- Supporting interoperability activities (e.g. FMN, TIDE and CWIX);

- Providing technical support for Allied Command Transformation (ACT) and NATO Digital Staff (NDS) activities in the area of Information Management and Core Service standardization.

- Supporting NATO Core Data Framework (NCDF) implementation development and to support Tactical Data Link (TDL) STANAG alignment activities.

- Developing a business and technical architectures that support the implementation of Data Centric Security (DCS), particularly for DCS Maturity Level 1.

- Designing and documenting a common labelling approach in support of DCS Maturity Levels 1 and 2.

- Assessing processes and design mechanisms for assisted labelling of information.

- Assessing, validating and integrating DCS approach into NATO Enterprise and FMN architectures.

- Investigating the enhancement of cryptographic protection and recommending the future approach for achieving DCS Maturity Level 1.

- Facilitating the effective adoption and deployment of DCS towards its end-state via execution of coherence activities across the NATO Enterprise.

- Providing technical support for Allied Command Transformation (ACT) and NATO Digital Staff (NDS) activities in the area of Information Management and Core Service standardization.

This expertise is required to supplement the current level of expertise within the NISC so the consultants must be ready to quickly integrate with the current team and take up duties. The work required will be based on deliverables as defined below. A request for available staff has not been successful in this request for consultancy support.

2 TASKS FOR ENGINEERING SERVICE

The following requirements have been identified to provide technical support for the ACT Programme of Work (POW) 2024 and the NDS POW 2024. The requirements and skills are an extension to and complementary with the requirements and skills requested for the 2022 POW projects.

2.1 Objectives

Consultants are requested to participate and provide expert support to NCI Agency in the execution of scientific activities advancing the following objectives.

1) Allied Command Transformation (ACT) POW:

i) Support and technical expertise as subject matter experts for ACT’s objectives in the “Interoperability Continuum” (CWIX, TIDE Sprint, iO360, Hackathon).

ii) Develop Enterprise level architectures supporting the successful conception of DCS to inform how it fits in NATO business functions and use cases.

iii) Support DCS Policy management and automation concept development, including use cases to motivate automation scenarios. This is critical for the success of DCS by reducing the burden on users and enabling a successful rollout of DCS across the NATO Enterprise.

iv) Coordinate DCS technical activities with Zero Trust Architecture (ZTA) and NATO Core Data Framework (NCDF) initiatives.

v) Investigate metadata labelling and tagging in relevant use cases, such as multi-domain operations and DISG.

vi) Include DCS in ongoing Federated Mission Networking (FMN) spiral specification development.

vii) Promote the DCS reference environment with NATO participants; mature DCS reference environment to support additional binding profiles; develop Record of Investigation (RoI) on crypto options for DCS.

viii)Sustain Core Services capability development and specification of Cross- Domain Information Sharing (C-DIS) including interoperability for federating NATO’s CES Capabilities.

ix) Support and technical expertise as subject matter experts for ACT’s objectives in the NCDF development and standardization.

x) Investigate SRM and messages mapping transformation languages availability, formulate a workable proposal for a mapping and transformation language and support its validation.

xi) Support Tactical Data Link (TDL) STANAG alignment activities.

2) NATO Digital Staff (NDS) POW:

i) Digital Policy Committee (DPC) Line of Development. Metadata harmonization.

ii) DPC Line of Development. Production of regulatory documentation and standards.

(1) This work will further develop and contribute to the definition of Information Sharing Scenarios for Core Services. This includes

(a) Knowledge and expertise in Metadata Labelling, Binding, Binding Profiles, Label to Marking mapping, label interoperability

(b) NATO Core Data Framework (NCDF) and Common Cross Community of Interest Semantic Reference Model (CXCSRM)

(c) STANAG alignment to metadata standards activities

(d) Federated information exchange based on meta/data standards that underpin a data architecture consisting of APIs, data lakes, meshes, abrics and backbones

(e) Cross domain information exchanges including Cross-Domain Information Sharing (CDIS) solutions

(f) Validation of federated information sharing Core Services at various exercise venues such as TIDE Sprint and CWIX. This should demonstrate alignment of national attributes with NATO, such that information can be shared between partners using a single sign on

(g) Federated Identity Management

(2) Contributing as subject matter experts in these areas requires a depth and breadth of knowledge in the NATO Consultation, Command and Control capability within the NATO Command Structure as well as expertise in current and planned Core Services.

(3) The work will entail the development and revision of technical documentation, preparing briefings on changes and validation results as well as design and development of proof of concept demonstrators for validation purposes.

(4) Attendance at coordination meetings and exercise venues may be requested.

2.2 Specific Expertise Required:

[See Requirements]

3 DELIVERABLES

All of the defined deliverables are briefings, reports, designs (proof of concept demonstrators) or specifications with a well-defined NCI Agency-specified format.

The deliverables will be required by various dates between March 2024 and December 2024.

All deliverables are to be peer reviewed within the deliverable cycle. Input and guidance will be provided by NCI Agency in written from or/and during the targeted review meetings.

The following activities are seen as necessary to achieve the objectives of the Programmes of Work for 2024:

i) Expert-level support for NATO elements (NDS, ACT HQ and NCI Agency) with the emerging Metadata Labelling Strategy and the Data Centric Security Strategy. The design of Test Cases and coordination with test partners will be required in preparation for CWIX 2024. This may require demonstration and testing of Data Centric Security (DCS) components.

ii) Participation in the CWIX 2024 Exercise to support NCI Agency in executing defined Test Cases and preparing the Final Report;

iii) Expert level support for the modification, development and validation of Binding Profiles in support of TIDE and CWIX activities.

iv) Expert level support of NCI Agency to coordinate with nations and the development of non-finite binding mechanisms and a detailed Implementation Plan for achieving the strategic realisation described in Metadata Labelling and Data Centric Security Vision & Strategy documents;

v) Review and input to achieve revisions to the current NATO FMN Implementation Plan, especially the profile templates and instructions and contribute to similar profile templates and instructions for AFS;

vi) Expert level support to NCMS STANAG 5636 (ADatP) development and ratification process.

vii) Expert level support for the development of the Core Services technical Architectures using the NATO Architecture Framework (NAF) and the validation of the proposed architecture.

viii)Review and input into the technical design and test cases for delivery of the IEG-C solution.

ix) Review and input into the Federated Identity Management policy, standardization and experiments

The following specific deliverables are required:

For SPW019700:

a) A1: Participate in and provide input to the Core Services Workshops [2Q24, 4Q24]

b) A2: Support Development of CS Architectures [2Q24, 4Q24]

c) A3: Provide support and technical expertise for Data Centric Security (DCS) Implementation [2Q24, 3Q24, 4Q24]

d) A4: Support current and future iterations of SOR/MER [3Q24, 4Q24]

e) A5: Support the planning and execution of ACT’s involvement in the CWIX 2024 exercise and spring/fall TIDE Sprints [1Q24, 2Q24, 3Q24]

f) A6: Support the planning and execution of ACT’s involvement in the CWIX 2025 exercise [4Q24]

g) A7: Federated Mission Networking Support [1Q24, 2Q24, 3Q24, 4Q24]

h) A8: Support the capture of Capability/Service Requirements for C-DIS [1Q24, 2Q24]

i) A9: Support Development of C-DIS Architectures [3Q24, 4Q24]

j) A10: Participate in and provide input to the DCS Workshops [3Q24, 4Q24]

k) A11: Support Development of CIS Interconnection Scenarios mapping to existing CS CPP [3Q24, 4Q24]

l) A12: Support DCS integration activities with Zero Trust Architecture (ZTA) and NATO Core Data Framework (NCDF). (3Q and 4Q 2024).

m) A13: Deliver recommendations on approaches for metadata labelling, binding and tagging (4Q 2024).

n) A14: Support developing Federated Mission Networking (FMN) use cases, such as multi-domain operations (MDO) (4Q 2024)

o) A15: Document DCS crypto options (4Q 2024).

For NCB019122:

a) D1: Metadata Campaign [1Q24, 2Q24, 3Q24, 4Q24]

b) D2: Service Interface Profiles (SIP) and Standards/Supplements [1Q24, 2Q24, 3Q24, 4Q24]

For NCB019672:

c) B1: NCDF and Data transformation support [1Q24, 2Q24, 3Q24, 4Q24]

B2: Support to Data Centric Security (DCS) CaT [1Q24, 2Q24, 3Q24, 4Q24]

B3: Data Centric Security (DCS) Coordination [1Q24, 2Q24, 3Q24, 4Q24]

B4: Data-Centric Transformation Support [1Q24, 2Q24, 3Q24, 4Q24]

d) B5: Assuring data standards coherence with STANAGs 5636, 4774, 4778 and semantics align in MDO [1Q24, 2Q24, 3Q24, 4Q24]

e) B6: Federated IDM candidate solution architecture [1Q24, 2Q24, 3Q24, 4Q24]

B7: Contribution to Zero Trust Implementation, API Technical Implementation and Interconnectivity of NATO CIS Directives [1Q24, 2Q24, 3Q24, 4Q24]

For SPW019688:

a) C1: Support NATO Core Data Framework (NCDF) implementation development [1Q24, 2Q24, 3Q24, 4Q24]

b) C2: Support TDL STANAG alignment activities [1Q24, 2Q24, 3Q24, 4Q24]

c) C3: Support NATO Core Data Framework (NCDF) standard development [1Q24, 2Q24, 3Q24, 4Q24]

d) C4: Support mapping and transformation language selection/definition and test [2Q24, 3Q24, 4Q24]

The expected classification level of the deliverables is NATO UNCLASSIFIED.

However, in some particular circumstances it might be decided that a part of the deliverables will be classified as NATO RESTRICTED.

The execution of duties may require the consultants to access information, as well as CIS systems, classified up to NATO SECRET.

In addition to the above-mentioned deliverables, the consultants are expected to co-author with the NCI Agency publications in international conferences and journals contributing to discoveries and advances made during the period of performance. The consultants will be required to prepare documentation and make presentations to sponsors and stakeholders throughout the contract period. This may require the consultants to independently represent specific technical areas on behalf of NCI Agency without direct support of Agency staff e.g. TIDE Sprint, CWIX execution. The consultants will be required to provide technical support to the NCI Agency team on an ad hoc basis throughout the contract period.

4 PAYMENT SCHEDULE

This requirement is for the delivery of the products identified in Section 3. Payment will be provided based on these deliveries as indicated in the following table:

Item 1 - A1, A2, A3, A4, A8, B1, B2, B3, B4, B5, B6, B7, C1, C2, D1, D2

Invoice Date: 15 April 2024

Payment Schedule: 25% of the total cost

Item 2 - A1, A2, A3, A5, A7, A8, B1, B2, B3, B4, B5, B6, B7, C1, C2, C4, D1, D2

Invoice Date: 15 July 2024

Payment Schedule: 25% of the total cost

Item 3 - A3, A4, A5, A7, A9, A10, A11, B1, B2, B3, B4, B5, B6, B7, C1, C2, C3, C4, D1, D2

Invoice Date: 15 October 2024

Payment Schedule: 25% of the total cost

Item 4 - A1, A2, A7, A9, A12, A13, A14, A15, B1, B2, B3, B4, B5, B6, B7, C1, C2, C3, C4, D1, D2

Invoice Date: 20 December 2024

Payment Schedule: 25% of the total cost

Invoices shall be accompanied with a Deliverable Acceptance Sheets (Annex C) signed by the project authority.

5 SECURITY CLEARANCE

The duties of the contractors require a valid NATO SECRET security clearance.

6 PERIOD OF PERFORMANCE

The personnel are required for the period starting March 2024 through 31 December 2024.

7 TERMS

This is a Completion-type contract requires contractors with complementary skills to complete the work.

This requirement may be updated for additional deliverables prior to the completion of this contract if other tasks are exercised under the POW.

Work on the contract will be performed off-site at the consultant’s own office. Office space and computer equipment will be provided at NCI Agency-NL for access during scheduled visits for the duration of this contract; contractor is responsible for office space and computer equipment at their own facilities.

This Task Order may require scheduled travel. This travel will be billed to the purchaser by the service provider separately and is considered an addition to the overall cost of the bid.

Extraordinary travel (Purchaser Directed Travel) may be required to other NATO or non-NATO locations as necessary so agility must be maintained.

Requirements

5 SECURITY CLEARANCE

• The duties of the contractors require a valid NATO SECRET security clearance.

2.2 Specific Expertise Required:

The following expertise and knowledge is essential for this requirement:

• Expert knowledge of NATO’s Data Centric Security (DCS) and Zero Trust vision and strategy, along with expert technical knowledge of enablers such as the NATO Metadata Binding Service and NATO End Point Labelling demonstrators;
• Detailed knowledge of Industry and NATO standards in the area of labelling, binding and marking;
• Expert knowledge of NATO Confidentiality Label Syntax specifications, profiles and emerging standards;
• Expert knowledge of NATO Metadata Binding Mechanism specifications, profiles and emerging standards;
• Expert knowledge of NATO Core Metadata Specification, profiles and emerging standards;
• Expert knowledge of NATO Core Data Framework (NCDF) and related profiles and emerging standards;
• Detailed knowledge of NATO’s STANAG and IEPD processes;
• Detailed knowledge of NATO cross-domain solutions and information exchange requirements;
• Detailed knowledge of FMN concepts, evolutionary strategy and the NFIP;
• Detailed knowledge of AFS concepts, evolutionary strategy and the AFS Joining Instructions
• Detailed knowledge of methods and mechanisms to resolve security label translation/mapping between NATO and NATO national systems;
• Detailed knowledge of federated Identity and Access Management (IdAM) policies, standards and industry trends;
• Detailed knowledge and experience with Web Service-specific security standards and products including Security Policy Information File (SPIF), OIDC, SAML 1.x and 2.0, XACML, WS-Security, WS-Trust, Microsoft Active Directory Federation Services (ADFS), and competing products in this space;
• Detailed knowledge and experience with Service Oriented Architecture (SOA) implementation concepts including Web Services, SOAP, REST, Publish-Subscribe, JSON, XML, WSDL and UDDI, as well as Web Services specifications;
• Detailed knowledge and experience with specific security areas including PKI, X.509, and products including Microsoft Certificate Services and Entrust Certificate Authority. Knowledge of the Enterprise NPKI would be beneficial;
• Expertise in commercial security labelling products and object level protection solutions;
• In-depth familiarity with NATO organisational and political structures and relationships with NATO and Partner nations;
• Good understanding of cryptography;
• Ability to independently produce and edit technical documentation and scientific reports in English;
• Excellent communications skills;
• Good understanding of the project management methodologies, including PRINCE 2 and Agile/Scrum