2024-0265 Technical Support on Secure Comm Interoperability (NS) - THU 27 Mar

Bidding Instructions - Technical Proposal: Bidders shall include in the Technical Proposal:

1. CVs of candidates of the proposed team

2. Rationale. Bids to this RFQ must specify how the proposed candidate(s) meet(s) the profile requirement, providing clear rationales and examples as justification for compliance for each of the profile requirements in section 9.

Deadline Date: Thursday 27 March 2025

Requirement: Technical Support on Secure Communications Interoperability PoW

Location: Off-Site

Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)". Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs

Period of Performance: 2025 BASE: As soon as possible, but no later than 28th of April 2025 – 31st December 2025 with possibility to exercise the following options:

• 2026 Option: 1st January 2026 until 31st December 2026

• 2027 Option: 1st January 2027 until 31st December 2027

• 2028 Option: 1st January 2028 until 31st December 2028

Required Security Clearance: NATO SECRET

1. PURPOSE

This statement of work (SoW) describes the work to be contracted for Subject Matter Expert (SME) support on secure voice and data communication services for consultation, command and control (C3) and support to NATO and the Nations with concepts, proposals, and architectures for coherent and resilient digital transformation of communications, facilitating progress on SCIP, NINE, Zero Trust, federated communications services, and PCN techniques and standards. This SoW is to be executed by a contractor under NATO Communications and Information Agency (NCIA) technical guidance and oversight.

2. BACKGROUND

Within its mission, the NATO Digital Staff (NDS) is actively driving forward a number of specific areas in conjunction with the nations, and specifically the Digital Standardisation and Interoperability (DSI) Branch are driving resilient secure communications interoperability for wireless and wired communications and tactical routing for Multi-Domain Operations (MDO) in line with the 2022 Strategic Concept, NATO 2030, Alliance C3 Policy, and related policies and strategies DSI Secure Communications helps the Nations achieve interoperable, secure, federated and resilient Alliance C4 communications at the tactical, deployable and strategic levels, including application of Emerging and Disruptive Technologies (EDTs) such as 5G, Zero Trust, quantum computing, and virtualization. The tasks are aligned with the Digital Policy Committee (DPC) Lines of Development (LoD), providing support to the work of the DPC Substructure in Capability Panels 1 and 4 and their subordinate Capability Teams (CaT) including (but not only) for Network and Security, Line of Sight, Beyond Line of Sight and SATCOM.

In this context, the NDS Programme of Work (PoW) requires expert technical and managerial knowledge in Interoperability topics, particularly in the areas dealing with secure networking, secure voice, communication architectures, Zero Trust, quantum computing, and data centric security, among others, that contribute to Interoperability in the NATO context.

Under this PoW project, NATO Integrated Mobile Services Centre provides SME support services to the NDS to directly support the NATO Alliance Capabilities and indirectly support the development of NATO Enterprise CIS.

In particular, support from a SME is required in 2025, and beyond, in support of technical and management work in the above areas contributing to the support that NCIA provides to the NDS PoW in the broad area of secure communications Interoperability.

3. SCOPE OF WORK

The work shall cover a total of 65 days (490 hours) of planning and coordinating, reporting, concept development, analysis, writing, reviewing, holding discussions, modifying documents after each discussion, preparing briefs, presenting results and attending meetings and conferences.

The contractor shall support the below activities with guidance from the NCIA Point of Contact or delegated staff.

3.1. The selected contractor will be responsible to assist the NCIA PoW teams and the NDS sponsors in providing coordination and management of the different work strands, including:

3.1.1. Developing the necessary supporting artefacts;

3.1.2. Supporting the PoW project manager and the various technical leads;

3.1.3. Proactively coordinating activities with other NCIA PoW teams (working in related topic areas and sub-programmes in the overall NDS PoW);

and,

3.1.4. Exercising technical leadership and management of work packages within the Secure Communications Interoperability work strands as necessary.

3.2. Participate in portfolio management, programme management and associated coordination activities with a view to improve the situational awareness at portfolio and programme levels, identify links between the NDS PoW and other NATO programmes of work and initiatives, develop technical and non-technical dashboards, and liaise with non-technical staff.

3.3. Organize and engage in scoping discussions with sponsors and project team members on PoW activities, elaborate work plans, and act as technical manager and/or senior contributor to the work to be conducted.

3.4. Prepare, organize and lead scoping and coordination meetings with the different PoW external and internal stakeholders, and contribute to overall coherence and awareness in PoW execution.

3.5. Provide technical briefings and presentations on the progress of the various work activities, making sure that work plans are followed and meet internal and external milestones.

3.6. Elaborate high-quality technical reports and briefs to be circulated as NATO technical documents and inputs to NATO committees and other forums.

3.7. Perform other duties as required, including deputizing for the senior NCIA project team members as required.

4. DELIVERABLES

4.1. Due to the intrinsic nature of the NATO Digital Staff PoW, it is not possible to define upfront clear and deterministic deliverables. The expectation is that progress will be made on all the deliverables over a 12-month period, and that some of the deliverables may be paused to make progress on others and to accommodate additional pressures such as attendance at face to face meeting as the calendar is confirmed or added to.

4.2. Therefore, the contractor will be part of a team and activities will be performed using an Agile and iterative approach during multiple sprints.

4.3. Each sprint is planned for a duration of one calendar month. The content and scope of each sprint, i.e. the deliverables, will be agreed during the sprint-planning meeting, in coordination with the NCIA, the NDS and the contractor. Upon completion and validation of each sprint, the completed sprint can be submitted for payment. More detail on the sprints is provided in section 5.

4.4. Deliverables: The contractor is required to provide specialized support to the NCIA as defined in the following deliverables.

4.4.1. Provide SME support on secure communications interoperability and resilience topics that facilitate the Digital Policy Committee (DPC) substructure (with focus on the Network and Security Capability Team) to maintain standards, adopt specifications into NATO standards (such as SCIP and NINE), and develop standards when necessary;

4.4.2. Provide SME support to encourage the use of DPC communication standards, with a particular focus on SCIP, NINE, Zero Trust, and Protected Core Networking;

4.4.3. Contribute SME knowledge to DPC secure communications Policies / Guidance / Architectures as directed by the NDS;

4.4.4. Develop presentations and briefs to support DPC discussions on secure communications and resilience to facilitate a shared understanding among different stakeholders on interoperability aspects and architectural options for resilient federated secure communications;

4.4.5. Help to ensure alignment of DPC secure communication standards (voice and data) with NATO requirements and with DPC policies/ strategies/ principles (such as Cloud First, Zero Trust, service based, crypto modernization, NATO 2030, Multi Domain Operations, etc.);

4.4.6. Maintain technical awareness of Federated Mission Network (FMN) specifications in the area of federated communication standards and identify potential DPC work items to support FMN. This may require engagement with FMN technical syndicate(s).

5. COORDINATION AND REPORTING

5.1. Due to the agile approach of this project, there is a need to define a set of specific arrangements between the NCI Agency and the contractor that specifically defines the deliverables to be provided for each sprint as well as their associated acceptance criteria. This includes sprint planning, execution and review processes, which are detailed below:

5.2. Sprint Planning:

5.2.1. Objective: Plan the objectives and deliverables for the upcoming sprint;

5.2.2. A monthly sprint planning meeting will be conducted with the contractor to discuss and plan the objectives and deliverables of the upcoming sprint;

5.2.3. Define clear, achievable objectives for the sprint and associated acceptance criteria, including specific delivery targets and quality standards for each task, to be recorded in the sprint planning meeting minutes.

5.2.4. Agree on the required level of effort for the various sprint tasks.

5.2.5. Backlog Review: Review and prioritize the backlog of tasks, issues, and improvements from previous sprints.

5.2.6. Assess and validate the status of completion of the previous sprint and sign off sprints to be submitted for payment as covered in Section 9.5.

5.3. Sprint Execution

5.3.1. Objective: Contractor to execute the agreed “sprint plans” with continuous monitoring and adjustments.

5.3.2. Regular meetings: The contractor shall participate in weekly status update meetings to review sprint progress, to address issues, and to make necessary adjustments to the processes or objectives. Those sprint meetings will be via electronic means using Conference Call capabilities. On rare occasions, there may be a requirement to attend a physical meeting in the office, or in person, as requested by the project manager.

5.3.3. By default, the sprint meetings will be held using Conference Call capabilities.

5.3.4. Continuous improvement: The contractor will establish a continuous feedback loop to gather input from all stakeholders for ongoing improvements and their subsequent implementation depending on NCIA approval.

5.3.5. Progress Tracking: Contractor to track and share the status of the sprint deliveries and any risks / issues.

5.3.6. Quality Assurance / Quality Check: The contractor shall ensure that the quality standards agreed for the sprint deliverables are maintained throughout the sprint.

5.3.7. Quality Control: NCIA will perform the quality control of the agreed deliverables and provide feedback on any issues.

5.4. Sprint Review

5.4.1. Objective: Review the sprint performance and identify areas for improvement.

5.4.2. At the end of each sprint, there will be a meeting between the NCIA and the Contractor to review the deliverables and outcomes against the acceptance criteria.

5.4.3. Define specific actions to address issues and enhance the next sprint.

5.5. Sprint Payment

5.5.1. Progress on the above deliverables will be checked and approved on a

monthly basis.

5.5.2. For each sprint to be considered as complete and payable, the contractor must report the outcome of their work during the sprint, first verbally during the sprint review meeting and then in writing within three days after the sprint’s end date. The format of this report shall be an email to the NCIA Point of Contact mentioning briefly the work performed and the development achievements during the sprint against the agreed tasking list set for the sprint.

5.5.3. The payment of each sprint will be depending upon the achievement of agreed acceptance criteria for each task, defined at the sprint planning stage.

5.5.4. If the contractor fails to meet the agreed acceptance criteria for any task, the NCIA reserves the right to withhold (partial) payment for that sprint.

5.5.5. Invoices shall be accompanied with a Delivery Acceptance Sheet, signed by the contractor and the project manager, and shall follow the payment milestones.

6. DELIVERABLES AND PAYMENT SCHEDULE

6.1. Payments will be done on a monthly basis

Deliverable: 8 Sprints

Payment Milestones: At the end of each month.

Completion of each monthly milestone shall be accompanied by a DAS signed for acceptance by the Purchaser’s authorized point of contact.

2026 OPTION: 01 January 2026 to 31 December 2026

Deliverable: Up to 12 Sprints

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: At the end of each month.

2027 OPTION: 01 January 2027 to 31 December 2027

Deliverable: Up to 12 Sprints

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: At the end of each month.

2028 OPTION: 01 January 2028 to 31 December 2028

Deliverable: Up to 12 Sprints

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: At the end of each month.

7. PERIOD OF PERFORMANCE

The period of performance shall be from 28th of April 2025 to 31 December 2025.

The Purchaser reserves the right to exercise the following additional options by applying the price adjustment formula as outlined in CO-115786-AAS+ Special Provisions article 6.5.:

Option 2026 – with period of performance from 01 January 2026 until 31 December 2026;

Option 2027 – with period of performance from 01 January 2027 until 31 December 2027;

Option 2028 – with period of performance from 01 January 2028 until 31 December 2028.

8. ROLES AND RESPONSIBILITIES

8.1. The NCIA staff will provide oversight and inputs that shall be taken into account in the conduct of the work but which shall not waive the contractor’s responsibility for the deliverables.

8.2. The work to be addressed by the selected contractor will entail technical risk, uncertainty, and intrinsic challenges, such as unclear initial scope of activities, many variables and involved stakeholders, frequent need for clarifications and for engagements, etc.

8.3. The contractor will have a proactive and constructive approach to the work and to the project tasks, for which he/she will make use of his/her broad technical and managerial experience.

8.4. The selected contractor will be part of various project teams, will work on project topics as required, and will proactively engage with project stakeholders such as sponsors and NCIA project teams.

8.5. The selected contractor will work offsite with ad-hoc business travel to NATO premises in Brussels or The Hague as agreed and per required (travel and subsistence costs will be borne separately by the Purchaser).

8.6. Any physical meeting that may be required shall be agreed between the contractor(s) and the project manager and any additional travel and subsistence costs are to be invoiced to the Agency as extra costs to this contract.

8.7. The Contractor staff should in principle be available during the Agency's core working hours (local time): Monday to Thursday: 0900 to 1200 and 1300 to 1600 Friday: 0900 to 1200 and 1300 to 1500, and observe Purchaser’s official holidays. Part time working (reduced working time arrangement) will be agreed on a case-by-case basis and is always subject to line management approval.

9. REQUIRED QUALIFICATIONS

[See Requirements]

10. SECURITY AND NON-DISCLOSURE AGREEMENT

10.1. The contracted individual (or team lead, in case of a team) must be in possession of a security clearance of NATO Secret or above. The signature of a Non-Disclosure Agreement between the contractors contributing to this task and NCIA will be required prior to execution.

10.2. NCIA will provide one NATO RESTRICTED REACH laptop computer to the contractor during the execution of the Contract. The contractor shall return this laptop computer back to NCIA after completion of the Contract.

11. SPECIAL TERMS AND CONDITIONS

11.1. All products delivered under this contract shall be property of NATO.

11.2. Travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive.

12. POINTS OF CONTACT

Points of contact will be disclosed after contract award.

9. REQUIRED QUALIFICATIONS

The contractor must have demonstrated skills, knowledge and experience in the following areas:

• 9.1. A senior profile matching the level of a principal engineer with a solid scientific background and with a proven track record of technical management work in the area of secure communications (voice and data) in defence networks.
• 9.2. With limited guidance, coordinate activities with the different stakeholders and organize meetings and discussions to discuss and/or present interim results;
• 9.3. Engaging with stakeholders, understanding their needs, problems and requests, and proposing constructive ways ahead;
• 9.4. Planning, coordinating and execution of technical and scientific work for defence projects involving multiple stakeholders, including development of project management artefacts and documentation like plans, status reports, briefs, etc.;
• 9.5. Collecting disparate information from multiple sources and building bodies of knowledge;
• 9.6. Conducting analysis and developing concepts in the areas of secure communications, including applying architecture methodologies where relevant;
• 9.7. Communicating effectively in English both in writing and orally, with excellent writing and briefing skills to different types of audiences (including senior technical and non-technical stakeholders), with presentations at conferences and NATO venues and writing high-quality technical reports for NATO circulation;
• 9.8. Recent NATO experience, including direct support to NATO technical consultation activities under the Digital Policy Committee Substructure and their related work.
• 9.9. Detailed understanding of secure networking in NATO and multinational contexts, including at the NATO Network and Security Capability Team (N&S CaT);
• 9.10. Experience and knowledge in current developments in NATO communications, such as connectivity resilience, Next Generation Networks, FMN Specifications, Protected Core Networking, IPv6, Software Defined WAN, the SCIP (secure voice) and NINE (secure IP) standards, Zero Trust, and NATO and multinational scenarios for secure IP and voice communications, including in NATO Enterprise related contexts.

10. SECURITY AND NON-DISCLOSURE AGREEMENT

• 10.1. The contracted individual (or team lead, in case of a team) must be in possession of a security clearance of NATO Secret or above. The signature of a Non-Disclosure Agreement between the contractors contributing to this task and NCIA will be required prior to execution.