2025-0036 Operation Maint Active Directory Security CTS - MON 5 May RELAUNCH

Previously proposed candidates were noncompliant for the following reasons:

• The candidate is not suitable for the position. Lack of knowledge and experience as Windows System administrator and Windows Active Directory security.
• Candidate Interviewed. He/She does not have adequate information related to system administration.
• He/She does not have enough experience in System Administration.
• He/She does not have enough experience in Linux System administration.
• Candidate Interviewed. His/Her experience and knowledge in Active Directory and Windows system management are not satisfactory for the position.

Deadline Date: Monday 5 May 2025

Requirement: Support Operation & Maintenance of Active Directory Security Assessment Tool

Location: Mons BE

Full Time OnSite: Yes

Period of Performance: 2025 BASE: As soon as possible but not later than 16th June 2025 until 31 December 2025.

2026 OPTION: 1 January 2026 until 31 December 2026

2027 OPTION: 1 January 2027 until 31 December 2027

2028 OPTION: 1 January 2028 until 31 December 2028

Required Security Clearance: NATO COSMIC TOP SECRET

1. PURPOSE

The objective of this statement of work (SoW) is to outline the scope of work and deliverables for the operation and maintenance of Active Directory Security Assessment Tool to be conducted by the selected company.

The purpose of the work package is to provide support to NATO Cyber Security Centre (NCSC) to fulfil identified Active Directory Security Assessment Tool operation and maintenance activities more effectively.

2. BACKGROUND

The Office of the CIO (OCIO) Enterprise Cyber Security Posture Improvement project focuses on acquisition and implementation of stateofart tools to enhance Enterprisewide cybersecurity capabilities considering the key cybersecurity functions.

NCIA initiated a project and procured Active Directory Security Assessment Tool (Tenable Identity Exposure) providing identity unification and risk scoring realtime attack detection and continually assessing directory services security in realtime eliminate attack paths that lead to domain domination and investigate and inform.

To support NCSC for the of tasks identified in the subject work package of the project the NCIA is looking for subject matter expertise in the delivery of complex foundational and novel Cybersecurity capability.

This contract is to provide consistent support on a deliverablebased (completiontype) contract to NCSC contributing to its POW based on the deliverables that are described in the scope of work below.

3. SCOPE OF WORK

The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of Active Directory Security Assessment Tool with a deliverable based (completiontype) contract to be executed in 2025.

Service performed by a contractor include the lifecycle management of the Tenable Identity Exposure software (including all tasks related to A2SL inclusion) its configuration to ensure coverage of all inscope Active Directory servers and the regular monitoring of the availability of the capability.

Under the direction / guidance of the NCSC Point of Contact a contractor will be the part of the NCSC Team supporting the following activities:

1 System Installation and Configuration:

a) Install and set up Tenable Identity Exposure

b) Ensure the software is deployed correctly across relevant environments

c) Set up integrations with identity systems like Active Directory LDAP or cloudbased IAM solutions.

2 System Maintenance and Updates:

a) Apply software updates and patches

b) Regularly update Tenable Identity Exposure and related systems to ensure the latest security patches and features are applied

c) Ensure that the platform is running smoothly by checking system logs server performance and availability

d) Request and build monitoring and alerting mechanisms to be aware of the issues system resource consumption

e) Address technical issues such as connectivity problems between Tenable Identity Exposure and other integrated systems or errors in scans or reports

3 Manage Integrations:

a) Ensure Tenable Identity Exposure is integrated with other security solutions like SIEM (Security Information and Event Management) systems vulnerability management platforms or ticketing systems

b) Set up proper data synchronization between identity systems and Tenable Identity Exposure to ensure accurate and uptodate information.

4 User and Role Management:

a) Configure access control for the Tenable Identity Exposure platform itself ensuring that only authorized personnel have the right level of access

b) Set up appropriate permissions and roles for the identity systems being monitored ensuring seamless integration.

5 Monitoring and Reporting:

a) Proactively review logs and alerts generated by Tenable Identity Exposure to identify any technical issues errors or failures in the monitoring process

b) Produce and distribute reports related to system health monitoring activities and compliance status (e.g. audit logs system performance metrics.

6 System Documentation:

a) Document configuration and changes: Keep uptodate documentation of all configurations integration steps troubleshooting procedures and system maintenance tasks

b) Maintain an inventory of connected systems: Keep track of all integrated identity sources IAM systems and external tools connected to Tenable Identity Exposure.

7 Automation and Scripting:

a) Automate tasks: Write scripts or configure automation tasks to streamline routine system management tasks such as regular backups system checks or integrations.

b) Improve system efficiency: Identify areas where automation could reduce manual intervention and improve operational efficiency.

The measurement of for this work is sprints with each sprint planned for a duration of 1 week.

The content scope of each sprint and their related acceptance criteria are to be peer reviewed within the sprint cycle and communicated in writing to the contractor before beginning of each sprint. Input and guidance will be provided by NCI Agency in written from or/and during the targeted review meetings

4. DELIVERABLES AND PAYMENT MILESTONES

4.1 Payment Schedule will be at the end of each 4 sprints following the acceptance of the sprint report.

4.2 The NCIA team reserves the possibility to exercise a number of options based on the same scrum deliverable timeframe at a later time depending on the project priorities and requirements.

4.3 The payment shall be dependent upon successful acceptance of the sprint report and the Delivery Acceptance Sheet (DAS) (Annex A).

4.4 Invoices shall be accompanied with a Delivery Acceptance Sheet (DAS) (Annex A) signed by the Contractor and the NCIA POC.

4.5 The following deliverables are expected for the all platforms that are explained in scope of Service (Section 3 on this statement of work:

2025 BASE: 16 th June 2025 to 31 December 2025

Deliverable: 25 sprints to support Operation & Maintenance of Active Directory Security Assessment Tool as per described in Para 3

Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) (Annex B) signed for acceptance by the Purchasers authorized point of contact and the Contractor

Number of sprints is calculated considering a starting date 16 June 2025. This will be adjusted based on actual starting date

The Purchaser (NCIA) reserves the right to exercise a number of options of one or more sprints based on the same deliverables at a later time depending on the project priorities and requirements at the same cost.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) (Annex B).

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and the project authority.

2026 Option: 1 January 2026 to 31 December 2026:

Deliverable: 46 sprints to support Operation & Maintenance of Active Directory Security Assessment Tool as per described in Para 3

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO115786 AAS Special Provisions article 6.5.

Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) (Annex B) signed for acceptance by the Purchasers authorized point of contact and the Contractor

2027 Option: 1 January 2027 to 31 December 2027:

Deliverable: 46 sprints to support Operation & Maintenance of Active Directory Security Assessment Tool as per described in Para 3

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO115786 AAS Special Provisions article 6.5.

Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) (Annex B) signed for acceptance by the Purchasers authorized point of contact and the Contractor

2028 Option: 1 January 2028 to 31 December 2028:

Deliverable: 46 sprints to support Operation & Maintenance of Active Directory Security Assessment Tool as per described in Para 3

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO115786 AAS Special Provisions article 6.5.

Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) (Annex B) signed for acceptance by the Purchasers authorized point of contact and the Contractor

The Purchaser (NCIA) reserves the right to exercise a number of options of one or more sprints based on the same deliverables at a later time depending on the project priorities and requirements at the same cost.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) (Annex B).

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and the project authority.

5. COORDINATION AND REPORTING

The contractor shall participate in daily status update meetings activity planning and other meetings as instructed physically in the office or in person via digital means using conference call capabilities according to the managers / team leaders instructions.

For each sprint to be considered as complete and payable the contractor must report the outcome of his/her work during the sprint first verbally during the retrospective meeting and then in written within three 3 days after the sprints end date. The format of this report shall be a short email to the NCIA Project Manager mentioning briefly the work held and the development achievements during the sprint.

At the end of the project the Contractor shall provide a Project Closure Report that is summarizing the activities during the period of performance at high level.

6. SCHEDULE

This task order will be active immediately after signing of the contract by both parties.

The period of performance is as soon as possible but not later than 16th June 2025 and will end no later than 31 December 2025.

If the 2026 option is exercised the period of performance is 01 January 2026 to 31 December 2026

If the 2027 option is exercised the period of performance is 01 January 2027 to 31 December 2027

If the 2028 option is exercised the period of performance is 01 January 2028 to 31 December 2028

7. CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact.

All documentation etc. will be stored under configuration management and/or in the provided NCIA tools.

8. SECURITY AND NONDISCLOSURE AGREEMENT

It is mandatory to have the candidate be in possession of a NATO COSMIC TOP SECRET security clearance to facilitate followon engagements and coordination at NATO venues.

The signature of a NonDisclosure Agreement between the contractor contributing to this task and NCIA will be required prior to .

9. PRACTICAL ARRANGEMENTS

The contractor will be required to work approximately 100 onsite in SHAPE Mons / BEL as part of this engagement. The NCSC Team is located in SHAPE Mons / BEL with working hours to be adjusted accordingly.

The contractor will be required to work within a NATO country following the rules and regulations applicable for the operations of NATO CIS.

The contractor may NOT be required to travel to other NATO locations as part of his role. Travel expenses for missions to other NATO/NCIA locations rather than SHAPE Mons / BEL will be reimbursed to the individual directly (outside this contract) under NATO rules.

This work must be accomplished by one contractor for the entire performance period.

The Purchaser will provide the contractor with the following PurchaserFurnished Equipment (PFE):

Access to NATO sites as required for the purpose of executing this SOW.

Workspace (needed business IT for both on and offsite work hotdesk at NCSC facility).

NCIA REACH laptop to be used by the contractor for the of the contract.

10. REQUIRED PROFILE

See Requirements

11. DESIRABLE PROFILE

See Requirements

8. SECURITY AND NONDISCLOSURE AGREEMENT

• It is mandatory to have the candidate be in possession of a NATO COSMIC TOP SECRET security clearance to facilitate followon engagements and coordination at NATO venues.

10. REQUIRED PROFILE

The contractor(s) that is going to perform the identified tasks as an Operation and Maintenance Expert of Active Directory Security Assessment Tool must have demonstrated skills knowledge and experience as listed below.

Activities performed by a contractor include the lifecycle management of the Tenable Identity Exposure software (including all tasks related to A2SL inclusion) its configuration to ensure coverage of all inscope Active Directory servers and the regular monitoring of the availability of the capability.

• Bachelors degree in Computer Science Information Technology or related field or equivalent experience.
• 3 years of experience in IT security with a focus on System Administration Security Tools Management in large organisations.
• Strong understanding of security best practices and experience with Tenable products especially with Tenable Identity Exposure.
• IP switching and routing in a wired and wireless environment.
• Systems administration ideally both with Windows and Linux.
• Good engineering skills including programming and/or scripting knowledge (python shell scripting PowerShell).
• Demonstrable experience of analysing and interpreting system security and application logs in order to diagnose faults and spot abnormal behaviours.
• Experience with Service Management monitoring and reporting tools ideally Solarwinds.
• Database management skills preferably MS SQL.
• Experience with system instrumentation solutions such as Ansible.
• Experience with Active Directory Management.

11. DESIRABLE PROFILE

The candidate should also ideally have knowledge and experience in the following areas:

• Experience in working with NATO.
• Experience of working with NATO Communications and Information Agency.
• Experience of working with national Defence or Government entities.

Required Experience:

Director