2025-0313 ACPV Data Analysis, Discover and Onboarding Support (NS) FRI 5 Dec

Deadline Date: Friday 5 December 2025

Requirement: ACPV Data Analysis Data Source Discover and Data Source Onboarding Support

Location: Braine LAlleud Belgium

Full Time On-Site: Yes

Time On-Site: 100%

Period of Performance: 2026 BASE: 2nd Jan 2026 to 31st December 2026 with possibility to exercise the following options:

2027 Option: 2nd January until 31st December 2027

2028 Option: 2nd January until 31st December 2028

Required Security Clearance: NATO SECRET

1. BACKGROUND

The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation Command & Control as well as Communications Information and Cyber Defence functions thereby also facilitating the integration of Intelligence Surveillance Reconnaissance Target Acquisition functions and their associated information exchange.

2. INTRODUCTION

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO the NCSCs role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM) the NCSC executes a portfolio of programmes and projects around 219 MEUR euros per year in order to uplift and enhance critical cyber security services.

The TRANSFORM Branch supports the missions of the NCSC by ensuring the delivery of coherent holistic effective and efficient Cyber Security services across the NATO Enterprise.

The Enterprise Asset Configuration Patching and Vulnerability (E-ACPV) Project refers to the comprehensive management of technology assets to enhance NATOs cyber security posture.

ACPV is a broad concept. It is the first Enterprise-wide data service. It will host data from across the NATO Enterprise building the platform on which cyber security professionals will analyse and manage vulnerabilities. The term assets refers to information systems or technology that contain host or process NATO data. Configuration refers to the initial set-up of these assets the way they are pieced together and remain secure. Patching then refers to repairing upgrading or updating these systems. The correct configuration and patching of assets significantly improve cybersecurity and reduces vulnerability of the Alliance as a whole to cyberattacks.

3. PURPOSE

The objective of this Statement of Work (SoW) is to outline the scope of work and deliverables for the ACPV Data Analysis Data Source Discover and Data Source Onboarding Support for NCSC.

The purpose of the work package is to provide support to NCSC to fulfil identified ACPV Discover Onboarding and Analysis activities more effectively as well as documentation activities related to the ACPV implementation and service.

4. SCOPE OF WORK

The aim of this SOW is under the direction / guidance of the NCSC Point of Contact to support NCSC with technical expertise specifically related to ACPV - both project implementation activities and delivery of the service after implementation completion with a deliverable based (completion-type) contract to be executed in 2026 and 2027.

Service performed by the Contractor will be focused on the following activities:

01: Analysis of data sources related to assets configurations and vulnerabilities. (Weekly)

02: Validation of onboarded data sources. (Weekly)

03: Leading technical discussions on data sources correlation SOP. (Weekly)

04 Preparation and presentation of technical findings provision of recommendations and documentation of results. (Weekly)

05 Support data source discovery data source onboarding and data lifecycle processes in the context of ACPV. (Weekly)

06 Review ACPV service for depth compliance and vulnerability exposure. (Weekly)

07 Representation of NCIA to stakeholders delivering presentations and recommendations. (Weekly)

08 Documentation of ACPV processes. (Weekly)

Analysis of data sources related to assets configurations and vulnerabilities

Deliverables expected from the Contractor are outputs from a comprehensive examination of various data repositories to identify critical information concerning the organizations assets their configurations and any potential vulnerabilities. The process begins with the identification and cataloguing of relevant data sources that contain information about the network and information systems. This involves extracting pertinent data to build a comprehensive understanding of asset configurations and vulnerabilities. The analysis focuses on assessing vulnerabilities identifying security gaps and reviewing asset configurations to ensure compliance with established security standards. By synthesizing these findings the task aims to provide actionable insights and recommendations for enhancing the security posture of the organization.

Through this analysis the organization seeks to gain a deeper understanding of its assets and configurations ultimately identifying potential security risks and areas for improvement. The task culminates in the preparation of detailed reports that summarize the analysis results highlight key vulnerabilities and suggest mitigation strategies.

These reports serve as a foundation for decision-making enabling the organization to proactively address vulnerabilities and strengthen its network and information system security framework. By undertaking this task the organization demonstrates its commitment to maintaining a robust security posture ensuring the protection of its critical assets and information systems.

Validation of onboarded data sources

Deliverables expected from the Contractor are outputs from thorough examination and confirmation of the reliability and accuracy of data sources that have been integrated into the organizations systems. This process ensures that the data sources meet predefined criteria and standards for quality relevance and security. The validation task includes assessing the datas integrity completeness and consistency as well as verifying the sources authenticity and compliance with organizational policies and industry regulations.

The objective of this task is to guarantee that the data sources provide dependable and actionable insights for decision-making processes. The approach involves collaborating with technical teams and stakeholders to review documentation conduct technical evaluations and perform data analysis. This task may also include identifying potential vulnerabilities and recommending corrective actions to enhance data security and usability. Regular validation exercises are crucial to maintaining the organizations data ecosystems robustness and ensuring that it supports strategic objectives effectively.

Leading technical discussions on data sources correlation SOP

Deliverables expected from the Contractor are outputs from orchestrating and guiding conversations among internal and external stakeholders to address technical aspects related to data management and utilization. This includes discussions on the selection integration and optimization of data sources as well as the methodologies for correlating data to derive meaningful insights. The task requires expertise in both technical and strategic dimensions ensuring that all parties have a clear understanding of the processes challenges and solutions associated with data handling.

The objective is to foster a collaborative environment where technical complexities are dissected and resolved and where SOPs are reviewed and refined to enhance operational efficiency. The approach involves setting agendas facilitating discussions and synthesizing diverse viewpoints to develop actionable strategies. Leading these discussions ensures alignment between technical capabilities and organizational goals promoting effective data exploitation and adherence to best practices. Regular engagements and follow-ups are essential to maintain momentum and drive continuous improvement in data management processes.

Preparation and presentation of technical findings provision of recommendations and documentation of results

Deliverables expected from the Contractor are outputs from compiling and analysing data-driven insights and translating them into comprehensive technical reports. This task requires the synthesis of complex information into clear actionable findings that are easily understood by both technical and non-technical stakeholders. The preparation phase includes data analysis identification of key trends and evaluation of technical performance which is then structured into a coherent presentation format.

The objective is to effectively communicate technical findings and recommendations to inform decision-making and drive strategic initiatives. The approach includes creating detailed documentation that captures the methodology results and implications of the analysis. Presentations are tailored to the audience emphasizing clarity and relevance while recommendations are aligned with organizational goals and operational realities. The documentation serves as a valuable resource for future reference ensuring that insights are preserved and can guide ongoing and future projects. Regular updates and feedback loops are integral to refining the process and enhancing the impact of the findings.

Support data source discovery data source onboarding and data lifecycle processes in the context of ACPV

Deliverables expected from the Contractor are outputs from assisting in the identification and integration of new data sources into the ACPV (Assumed Contextual Project or Program Value) framework. This includes evaluating potential data sources for their applicability reliability and alignment with project objectives. The task also encompasses the onboarding process ensuring that new data sources are seamlessly integrated into existing systems and processes while adhering to organizational standards and protocols.

The objective is to enhance the ACPVs data ecosystem by expanding and optimizing the range of data sources available thereby improving the quality and scope of data-driven insights. The approach involves close collaboration with technical teams to streamline the onboarding process ensuring that all necessary security compliance and operational checks are conducted. Additionally supporting the data lifecycle processes involves ongoing monitoring maintenance and optimization of data sources to ensure their continued relevance and effectiveness. This task is crucial for maintaining a dynamic and robust data environment that supports the projects evolving needs.

Review ACPV service for depth compliance and vulnerability exposure

Deliverables expected from the Contractor are outputs from comprehensive evaluation of the ACPV service to ensure it meets the necessary technical and security standards. This process requires a detailed examination of the services architecture configurations and operational procedures to verify that they align with the established compliance requirements. The review will assess the depth of IT services provided ensuring they are robust and comprehensive enough to support the organizations needs. This includes analysing the services documentation Standard Operating Procedures (SOPs) and technical reports to identify any discrepancies or areas for improvement.

Additionally the task involves identifying potential vulnerabilities within the ACPV service that could pose security risks to the organization. This includes scrutinizing the interconnection points between networks and information systems as well as evaluating the effectiveness of existing security measures. The goal is to uncover any weaknesses that could be exploited by malicious actors and to provide recommendations for mitigating these risks. By conducting this thorough review the organization can ensure that the ACPV service operates securely and efficiently maintaining compliance with internal and external standards.

Representation of NCIA to stakeholders delivering presentations and recommendations

The task Representation of NCIA to stakeholders delivering presentations and recommendations entails acting as the official spokesperson for the NCIA in meetings with external parties. This role involves conveying the organizations objectives initiatives and progress to stakeholders ensuring that they are well informed about the NCIAs activities and strategic direction. The representative must possess a deep understanding of the organizations projects and priorities to effectively communicate key messages and foster positive relationships with stakeholders. This task requires strong interpersonal skills and the ability to engage with diverse audiences including government entities partner organizations and industry leaders.

Furthermore the task includes delivering presentations that provide insights into technical data and findings along with actionable recommendations based on thorough analyses. The representative must be adept at translating complex technical information into clear understandable formats that facilitate informed decision-making. By offering expert guidance and recommendations the representative plays a crucial role in shaping stakeholders perceptions and decisions ensuring alignment with the NCIAs goals. This task is pivotal in building trust and credibility with external parties and driving collaborative efforts that support the organizations mission.

Documentation of ACPV processes

Deliverables expected from the Contractor are outputs from systematically capturing and recording all procedures methodologies and workflows associated with the ACPV service. This documentation serves as a comprehensive reference that outlines how the ACPV service operates detailing each step of the processes involved.

The aim is to create clear structured documents that provide guidance for current and future personnel ensuring consistency and accuracy in the execution of ACPV-related tasks. This includes documenting technical specifications compliance checklists and any relevant operational protocols to facilitate seamless knowledge transfer and operational continuity.

Moreover the documentation process is critical for maintaining transparency and accountability within the organization. By thoroughly documenting ACPV processes the organization can easily track changes updates and improvements over time enabling effective process management and optimization. This task also supports auditing and compliance efforts providing evidence that the ACPV service adheres to required standards and regulations. Comprehensive documentation is essential for risk management as it helps identify potential gaps or vulnerabilities within processes and supports the development of strategies to address them proactively.

5. SPRINTS PLANNING EXECUTION REVIEW AND PAYMENT:

Due to the AGILE approach of this project there is a need to define a set of specific arrangements between the NCIA and the Contractor. These arrangements specifically define the deliverables to be provided for each sprint as well as their associated acceptance criteria. This includes sprint planning execution and review processes which are detailed below:

5.1. Sprint Planning:

Objective: Plan the objectives for the upcoming sprint.

Kick-off meeting: Conduct a monthly meeting with the Contractor to plan the objectives of upcoming sprints and review Contractors manpower to meet the agreed deliverables.

Set sprint goals: Define clear achievable goals for the sprint and associated acceptance criteria including specific delivery targets quality standards as well as Key Performance Indicators (KPIs) for each task to be recorded in the sprint meeting minutes.

Agree on the required level of effort for the various sprint tasks.

Backlog Review: Review and prioritise the backlog of tasks issues and improvements from previous sprints.

Assess each payment milestone cycle duration of 4 sprints - state of completion and validation of each sprint status and sign off sprints to be submitted for payment as covered in Section 5.

5.2. Sprint Execution:

Objective: Contractor to execute the agreed sprint plans with continuous monitoring and adjustments.

Regular meetings between NCIA and the Contractor to review sprint progress address issues and make necessary adjustments to the processes or production methodology. The meetings will be physically in the office.

Continuous improvement: Contractor to establish a continuous feedback loop to gather input from all stakeholders for ongoing improvements and their subsequent implementation depending on NCIA approval.

Progress Tracking: Contractor to use a shared dashboard or tool to track the status of the sprint deliveries and any issues.

Quality Assurance/Quality Check: Contractor shall ensure that the quality standards agreed for the sprint deliverables are maintained throughout the sprint.

Quality Control: NCIA to perform the Final Quality Control of the agreed deliverables and provide feedback on any issues.

5.3. Sprint Review:

Objective: Review the sprint performance and identify areas for improvement.

At the end of each sprint there will be a meeting between the NCIA and the Contractor to review the outcomes against the acceptance criteria comprising sprint goals agreed quality criteria and KPIs.

Define specific actions to address issues and enhance the next sprint.

5.4. Sprint Payment:

Payment Schedule will be monthly for the completed and accepted sprints within the month.

For each sprint to be considered as complete and payable the Contractor must report the outcome of their service during the sprint first verbally during the retrospective sprint review meeting and then in writing within five days after the 4th sprints end date. A report must be sent by email to the NCIA Point of Contact listing all the service achieved against the agreed tasking list set for the sprint.

The Contractors payment will be depending upon the achievement of agreed Acceptance Criteria for each task defined at the sprint planning stage. This will include specific delivery targets quality standards as well as KPIs for each task.

The payment shall be dependent upon successful acceptance as set in the above planning/review meetings. This will follow the payment milestones that shall include a completed Delivery Acceptance Sheet (DAS) (Annex B)

Invoices shall be accompanied with a Delivery Acceptance Sheet (DAS) (Annex B) signed by the Contractor and project authority.

If the Contractor fails to meet the agreed Acceptance Criteria for any task the NCIA reserves the right to withhold payment for that task/sprint.

6. DELIVERABLES AND PAYMENT SCHEDULES

The following deliverables are expected from the service on this Statement of Work:

1) Complete the activities/tasks agreed in each sprint meeting as per sections 4 above.

2) Produce sprint completion reports (format: e-mail update) which include details of activities performed and the list of the deliverables of the week.

3) The Contractor will participate in the biweekly reporting and planning activities (biweekly stand-ups) as well as in workshops events and conferences related to the supported services as requested by the NCIA Point of Contact.

4) Payment schedule will be according to the payment milestones upon completion and validation of each sprint following the acceptance of the sprint report.

5) The Purchaser (NCIA) reserves the right to exercise a number of options of one or more sprints based on the same deliverables at a later time depending on the project priorities and requirements at the following cost: for base year (2026) at the same cost for following years (2027-2028) the Price Adjustment Formula will be applied in accordance with paragraph 6.5 of the Framework Contract Special Provisions.

6) The payment shall be dependent upon successful acceptance of the sprint report and the Delivery Acceptance Sheet (DAS) (annex B).

7) Invoices shall be accompanied with a Delivery Acceptance Sheet (annex B) signed by the Contractor and the NCIA Point of Contact.

7. BASE 2026 PERFORMANCE 02 JANUARY 2026 TO 31 DECEMBER 2026:

Deliverable: 46 sprints to support Operation & Maintenance of Active Directory Security Assessment Tool as per described in Para. 3 (Number of sprints is estimated and will be adjusted based on actual starting date.)

Payment Milestones: Payment Schedule will be monthly for the completed and accepted sprints within the month and at the end of the service. Completion of each sprint shall be documented in Delivery Acceptance Sheet (DAS) (Annex B) signed for acceptance by the Purchasers authorized Point of Contact and the Contractor

2027 AND 2028 OPTIONS: 02 JANUARY TO 31 DECEMBER

Deliverable: Up to 46 sprints to support Operation & Maintenance of Active Directory Security Assessment Tool as per described in Para. 3 (

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO115786 AAS Special Provisions article 6.5.

Payment Milestones: Payment Schedule will be monthly for the completed and accepted sprints within the month and at the end of the service. Completion of each sprint shall be documented in Delivery Acceptance Sheet (DAS) (Annex B) signed for acceptance by the Purchasers authorized Point of Contact and the Contractor

8. ACCEPTANCE AND REJECTION CRITERIA

a) Acceptance Criteria

1) Quality of service reached NATO standards;

2) Tasks are completed within the assigned time;

3) Performances are as defined by the Point of Contact.

b) Rejection Criteria

1) Quality of work is low;

2) Tasks are not completed within the assigned time;

3) Performances are not as defined by the Point of Contact.

c) A replacement will be requested if the Contractor meets the criteria as explained in rejection criteria.

d) Payment will not be done if the sprint is not completed.

9. COORDINATION AND REPORTING

The Contractor shall report the status of the following deliverables as required by the NCI Agency project team:

Deliverables (outputs) as described in 4. SCOPE OF WORK

The Contractor shall participate in daily status update meetings activity planning and other meetings as instructed physically in the office or via digital means using conference call capabilities according to the managers / team leaders instructions.

At the end of the project the Contractor shall provide a Project Closure Report that is summarizing the activities during the period of performance at high level.

10. SCHEDULE

This task order will be active immediately after signing of the contract by both parties.

The period of performance is as soon as possible but not later than 02 January 2026 and will end no later than 31 December 2026.

If the 2027 option is exercised the period of performance is 02 January 2027 to 31 December 2027.

If the 2028 option is exercised the period of performance is 02 January 2028 to 31 December 2028.

11. PRACTICAL ARRANGEMENTS

This is a deliverables-based contract.

11.1. Place of Performance:

The NCSC ACPV Team is located in The Hague (TH) Netherlands and Braine LAlleud (BLA) Belgium.

The Contractor will be required to provide the service 100% on-site at NCIA BLA.

The location of performance might change to Mons or Brussels. This location change will not have an impact on the awarded price.

Exceptional Teleworking activities to support service delivery can also be arranged with the Point of Contacts coordination and approval.

11.2. Hours of Operation:

The service will be conducted during normal office hours following the NCIA Braine LAlleud calendar - Monday to Thursday from 08h30 until 17h30 and Friday from 08h30 until 15h30.

11.3. NCIA Furnished Property and Services:

NCI Agency will provide one NATO RESTRICTED REACH laptop to the Contractor during the execution of the Contract.

The Contractor shall return this laptop back to NCI Agency after completion of the Contract.

The Purchaser will provide the Contractor with the following Purchaser-Furnished Equipment (PFE):

Access to NATO sites as required for the purpose of executing this SOW.

Workspace (needed business IT for both on- and off-site service hot-desk at NCSC facility).

NCIA REACH laptop to be used by the Contractor for the execution of the contract.

11.4. Travel:

The Contractor may be required to travel to other NCI Agency or NATO locations for completing these tasks.

Travel expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive. The Contractor in accordance with the terms and conditions of the framework agreement will invoice them separately to the purchaser. These additional travel costs are considered an extra charge to the overall bid price.

11.5. Other:

The services under this SOW must be accomplished by ONE Contractor for the entire performance period.

12. CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project Point of Contact.

All documentation etc. will be stored under configuration management and/or in the provided NCIA tools.

13. SECURITY AND NON-DISCLOSURE AGREEMENT

The services performed under this SOW require that the assigned personnel have a valid NATO SECRET security clearance.

It is mandatory to have the candidate be in possession of a NATO SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.

The signature of a Non-Disclosure Agreement between any Contractors individuals contributing to this task and NCIA will be required prior to execution.

14. REQUIRED PROFILE

See Requirements

14. REQUIRED PROFILE

For the execution of this contract the following qualifications are required:

• Nationally recognized/certified engineering university/college qualification with preferably Master of Science degree;
• Valid security clearance at minimum NATO SECRET level;
• Good knowledge of MS Office with a minimum of 2 years of experience.
• Prior experience with data visualisation tools (e.g. Power BI Tableau Grafana) and the Ability to analyse and interpret structured and unstructured data.
• Knowledge of cybersecurity fundamentals risk analysis threat modelling and secure data handling and Cyber Security tools e.g. vulnerability assessment forensic analysis log aggregation and correlation.
• Data sensitivity awareness. Understanding of handling classified or mission-critical information.
• Knowledge of multi-vendor switching routing and security technology with proven technical experience with in depth understanding of communication protocols (mainly TCP/IP stack and technology behind of each element in the stack) network and security technologies.
• Knowledge of NATO Accreditation process and document set required for Accreditation and potential presentation to NSAB.
• Ability to plan and execute assigned project tasks taking into account policies programme goals and priorities funding and other planning constraints.
• Ability to work on their own and as part of a team.
• Motivated good communication skills team player.
• Good communication skills (speaking reading writing listening) in English;
• At least 3 years in support of a Cyber Security environment.
• Prior experience of working in an international environment including both military and civilian elements for a minimum of 1 year (preferred).
• Knowledge/understanding of NATO responsibilities and organisation.
• Knowledge of NATO Communication and Information Systems Infrastructure (preferred).