NATOIS-0036 Open-Source Intelligence Standardization Spec. (NS) MON 23 Mar

Bidding Instructions -Technical Proposal

Bidders shall include in the Technical Proposal:

1. CVs and Attestations of candidates clearly indicating relevant experience for the required qualification section 11 and desirable skills/experience section 12 in the Statement of work (SoW).

2. Compliance matrix referring how the candidate meets each of the requirements Scope of Work - section 2 required qualification - section 11 and desirable skills/experience - section 12 in the Statement of work (SoW).

Deadline Date: Monday 23 March 2026

Requirement: Open-Source Intelligence Standardization Specialist

Location: Mons BE

Full Time On-Site: Yes

Period of Performance: As soon as possible but not later than 13 April 2026 until 31 Mar 2027

Required Security Clearance: NATO SECRET

1 Introduction

The Intelligence and ISR (Intelligence Surveillance and Reconnaissance) Functional Services (IIFS) programme aims to enhance and accelerate NATOs situational awareness and decision-making by increasing and diversifying data sources integrating new tools and providing access to emerging and disruptive technologies.

NCIA is delivering the materiel solutions for IIFS which include enhanced capabilities for Imagery Intelligence (IMINT) Open-Source Intelligence (OSINT) Data Management Data Acquisition and Processing Exploitation and Dissemination (PED) Management.

As part of this effort ACO is tasked with delivering the Coherence Project which ensures doctrine and processes are revised to support the implementation of the material projects in a timely manner.

To drive interoperability across the NATO Command Structure and with Nations technical standards should be established to normalize and harmonize the formats representations and mechanisms by which data is shared enabling analysts to effectively make sense of it. The data can come from existing NATO/National systems/services Publicly Available Information (PAI) and Commercially Available Information (CAI).

2 Scope of Work

The scope of this project is to develop OSINT Technical Standardization Agreement(s) supporting standardized procedures and protocols to enable the sharing of open-source data and intelligence across the Alliance. Within this context the applicant will be assigned to SHAPE J26 and will be responsible for the following tasks:

• Review existing NATO STANAGs relevant to the OSINT standardization project and identify capability gaps;
• Collect and analyse existing standardization efforts ongoing within the Alliance (including Nations) and within industry including international standards;
• Gather standardization requirements from Allies and the NATO Enterprise to enable the structured sharing and exploitation of PAI/CAI and OSINT products;
• Develop the first draft of the OSINT standard and coordinate its review across the NATO Enterprise;
• Coordinate activities with Allies via the Open-Source Intelligence Working Group (OSIWG) a sub-working group of the Joint Capability Group Intelligence Surveillance and Reconnaissance (JCGISR);
• Consolidate a mature version of the OSINT standard for National promulgation either as an addendum to an existing STANAG or as a new standalone agreement;
• Support additional activities as urgent operational requests emerge depending on the candidates qualifications.

Close coordination of all activities with SHAPE J26 NCIA and JCGISR as well as strict adherence to agreed timelines is mandatory.

3 Roles and Responsibilities

This work will be carried out at SHAPE and remotely with travel to NCIA. The work will be conducted during normal office hours as specified in the General Provisions following the SHAPE Belgium calendar.

The Contractor will support the OSINT standardization project under the supervision of SHAPE J26 with support from NCIA JISR Centre the OSIWG Chair and the JCGISR Chair.

The Contractor shall conduct the work in close collaboration with all stakeholders as described below:

SHAPE J26 Intelligence Systems Branch: Project lead and main stakeholder

NCIA JISR Centre: Project Manager (PM) & Subject Matter Experts (SME) inputs

OSIWG Chair: OSINT SME inputs and access to points of contact from wider Alliance OSINT community

JCGISR Chair: STANAG guidance

4 Deliverables and Payment Schedule

It is expected that the contractor will deliver 4 main documents as outlined in the table below. Templates/ guidance on structure will be provided by SHAPE at the start of the contract.

T0 is the start of Contractors work.

Deliverable 01: Report assessing current NATO standards relevant to OSINT data management.

Timelines: T01 month

Acceptance Criteria: IAW SOW Section 5

Deliverable 02: Report capturing: National OSINT standardization requirements; Best practices related to OSINT standardisation from Nations and industry.

Timelines: T03 months

Acceptance Criteria: IAW SOW Section 5

Deliverable 03: First draft of OSINT standard

Timelines: T07 months

Acceptance Criteria: IAW SOW Section 5

Deliverable 04: Consolidated draft of OSINT standard (post coordination)

Timelines: T011 months

Acceptance Criteria: IAW SOW Section 5

Specific project requirements can be found at ANNEX B Project Aims and Requirements.

The OSINT standard shall be compliant with other NATO standards such STANAG 4545 (NATO Secondary Imagery Format NSIF) STANAG 7023 (NATO Air Reconnaissance Primary Imagery Data Standard NITF) as well as STANAG ADatP-03 Ed. B (Concept of NATO Message Text Formatting System). In addition any OSINT standard must align to STANAG 4559 (NATO Standard for ISR Library Interfaces and Services) for interoperability across the Alliance.

5 Acceptance Criteria

SHAPE will use the following acceptance criteria to approve the documents:

Completeness:

• All sections specified in the SoW are included
• No incomplete placeholder or draft content remains

Accuracy and Consistency:

• Content is factually accurate and internally consistent
• Terminology is defined and used consistently throughout

Compliance and Alignment:

• The document is aligned with applicable laws regulations and internal policies
• References to external standards or frameworks are provided where applicable
• Content has been coordinated with other stakeholders and does not contain duplications / contradictions of other standards. It builds upon existing efforts and identifies the delta

Usability and Clarity:

• Written in clear professional language appropriate for the target audience
• Processes requirements or guidance are actionable and unambiguous

Format and Presentation:

• Delivered in the agreed format and template
• Includes document control (version date owner)

Review and Acceptance Readiness:

• Suitable for formal approval and adoption
• Does not require material rework to meet intended purpose

If the contractor fails to meet the agreed acceptance criteria for any deliverable SHAPE J26 reserves the right to withhold payment for that deliverable.

6 Coordination and Reporting

The Contractor personnel will be part of a team under the primary supervision of SHAPE J26.

SHAPE J26 and the Contractor personnel will have regular meetings to review progress address issues and make necessary adjustments to the processes or production methodology. The meetings will be physically in the office or in person via electronic means using Conference Call capabilities according to the project teams instructions.

The Contractor personnel shall establish a continuous feedback loop to gather input from all stakeholders for ongoing improvements and their subsequent implementation depending on SHAPE J26 approval.

7 Schedule

This task order will be active immediately after signing the contract by both parties.

The BASE period of performance is as soon as possible but not later 13 April 2026 and will end no later than 31 March 2027.

8 Security

All Contractors/Sub-contractors shall be aware of all security rules pertaining to the handling of NATO classified information.

Personnel Security Clearance (PSC): Individuals who require access or may have access to information classified NC or above during the course of their duties shall have a PSC at the appropriate level which is valid for the duration of the authorized addition such individuals are required to: Have a need-to-know; Have been briefed on their security obligations in respect to the protection of NATO Classified Information; and Have acknowledged their responsibilities either in writing or an equivalent method which ensures non-repudiation.

For this particular SOW the contractor will be required to access to NS level information.

The work will be carried out at SHAPE remotely with potential meetings at NATO Command Structure Sites and NCIA.

9 Constraints

All the documentation provided under this statement of work will be based on SHAPE J26 templates/ guidance on the structure which will be sent to the contractor at the start of the activity.

All support maintenance documentation and required code will be stored under configuration management and/or in the provided SHAPE tools.

All developed solutions tools and code under this project will be property of the NATO.

10 Travel

The primary location of work is SHAPE Mons case of flexible working travel to and from SHAPE will be at the contractors expense. The expected level of travel is listed below and shall be included in the cost:

NCIA The Hague NLD (potential):1 travels 3 days

JFCs (potential) or other NATO Command Structure/NATO Force Structure sites: 3 travels 3 days

OSIWG (potential): 2 travels 3 days

11 General Requirements

A Sole contractor must accomplish this work and is identified as the primary contractor for each the event that the contractor leaves during the contract period a new contractor who has the proven required qualifications and is evaluated qualified and suitable shall replace them having received training and handover of the performed history of the project. All normal NCIA Terms and Conditions apply.

12 Requirements

See Requirements

13 General Provisions

SHAPE Recognized Business hours/Holidays: SHAPE official holiday schedule applies and will be provided to the contractor.

SHAPE Hours of Operations: Monday to Thursdayand Friday(CET)

Annex B Project Aims and Requirements

1. Data Standardization and Structuring

• Common Data Formats: Ensuring that OSINT products (e.g. reports imagery metadata) use standardized formats such as JSON XML or STIX/TAXII (for cyber OSINT).
• Metadata Consistency: Harmonizing metadata fields (e.g. source reliability time stamps geolocation) to support effective ingestion filtering and fusion across systems.
• Language & Translation: Multilingual data must be normalized which requires shared language models or translation standards.

2. Platform and Tool Compatibility

• Software Interoperability: Different nations may use different OSINT platforms (e.g. Maltego Palantir IBM i2 or open-source tools). The standard must support APIs or data exchange interfaces that allow tool-to-tool communication.
• Modular Integration: Maintain visibility of microservices or containerized deployments (e.g. Docker/Kubernetes) to enable coalition Nations to integrate shared tools without altering core infrastructure.
• AI/ML Models: If AI is used to analyse OSINT model formats and training data need to be shared or at least standardized for interpretability and comparability. This links with wider AI-ISR related work that JCGISR is pursuing.

3. Access Control and Information Assurance

• Provenance Tracking: Nations (and NATO) must be able to verify the origin and handling of data (chain of custody) especially for politically or legally sensitive content.
• Data Classification & Labelling: Even OSINT may be sensitive. Adoption of existing data tagging schemes (e.g. NATOs STANAG 4774/4778) ensures nations understand how OSINT data can be used retained and shared.
• Role-Based Access Control (RBAC): Accommodate the need for granular user and group-level permissions to reflect national policies and trust levels.

4. Governance and Policy Alignment (Tech-Enabled)

• Audit and Compliance Tools: Logs must be interoperable for audit trails across national boundaries.
• Legal Interoperability Support: Tools should support differential handling of OSINT based on national laws (e.g. GDPR in Europe vs. more permissive U.S. frameworks).
• Version Control: Shared OSINT reports must have trackable versions with edit history allowing rollback and comparison across Nations.

5. Ontology and Semantic Interoperability

• Shared Taxonomies and Tags: Common terminologies (e.g. threat actor names location codes) reduce misinterpretation. Mandate and leverage existing ontologies like NATOs COI taxonomies (and the new CXCSRM from NDS) to aid interoperability of OSINT.
• Natural Language Understanding (NLU): For unstructured OSINT (like social media) ensure consistent semantic parsing across languages and platforms.

6. OSINT and Cybersecurity

• Secure Software Supply Chains: Tools used for OSINT must themselves be vetted to avoid adversarial manipulation. This activity will required standardisation and links to wider trust and provenance assessment work.

Additionally any new OSINT technical standard agreements and supporting standardised procedures and protocols must support existing NATO Network and Communication Interoperability by ensuring compliance with:

• Secure Data Sharing Channels: Use encrypted communication protocols (TLS VPNs) and ideally a federated architecture to maintain national data sovereignty.
• Latency and Syncing: Variations in national infrastructure may cause delays or inconsistent data replicationrobust caching and sync logic is needed.
• Cross-Domain Solutions (CDS): Where OSINT is shared across classified/unclassified boundaries trusted gateways or data diodes must be included in the architecture.

12 Requirements

Required qualifications

• Nationally recognized/certified university qualification in Computer Science and/or Data Science. Or exceptionally the lack of a university degree may be compensated by the demonstration of a candidates particular abilities or experience that is/are of interest to SHAPE J26 that is at least 3 years extensive and progressive expertise in duties related to the function of the post (e.g. standardization);
• Valid security clearance as from contract start date at minimum NATO SECRET level;
• Knowledge and experience with cloud service models and data platform services;
• Excellent knowledge of Open-Source International Standards
• Good knowledge of Open-Source Intelligence formats and metadata;
• Good knowledge of data management in a complex multi-network/multi-user environment;
• Solid experience in working in a Microsoft environment with shared data access;
• Fluent in Business English;

Desirable skills/experience:

• Ability to independently plan and execute assigned project tasks under guidance taking into account policies programme goals priorities funding and other planning constraints;
• Ability to work on its own and as part of a team;
• Highly motivated good communication skills team player;
• NATO and/or military experience;
• Knowledge of Microsoft Word/Excel PowerPoint.