2024-0314 Security Risk Support for NCSC, NGCS, NSVoS and NWSVTC

Under the direction/guidance of
NCIA or delegated staff, and in cooperation with NATO Infrastructure Services
Centre (NISC) and the Accreditation Support Office (ASO), the contractor is
tasked to develop a set of documentation for security accreditation of:  

• The main purpose of requested accreditation
  document set (ADS) will be documentation of compliance with relevant NATO
  security directives.   
  
• The service-based contractor will focus on
  providing the standard ADS, consisting of:  
  
• CIS description;  
  
• Security Accreditation Plan (SAP);  
  
• Security Risk Assessment (SRA);  
  
• System-specific Security Requirement Statement
  (SSRS);  
  
• Security Operating Procedures (SecOPs); -  Security Test and Verification Plan (STVP).  
  
• The ADS will be subject to approval by NATO
  Security Accreditation Authorities (SAAs) (this approval is not in scope of the
  incumbent’s activities).  
  
• Gain familiarity with the relevant NATO security
  directives as indicated by the NCSC PoC.  There will be two directives specifically, 170 pages in total.  
  
• Gain familiarity with previous versions of
  description of NATO General Communication System (NGCS), NATO Wide Studio
  VideoTeleConferencing ( NWSVTC) and NATO Secure Voice Services (NSVoS) (7
  documents, ca 250 pages in total)  
  
• Gain familiarity with provided examples of
  Security Requirement Statements and Security Test and Verification Plans; see
  example of sample template (unpopulated) in Enclosure 2; and  
  
• Engage with NCSC ASO, NISC and NDWC SMEs
  (through a variety of workshops or meetings) to ensure that implementation of
  requirements from relevant NATO security directives by NGCS, NWSVTC and NSVoS
  are adequately addressed in requested ADS (SRA, SSRSs, SecOPs and STVPs).  
  

Requirements

• Required skillset of the proposed contractor is
  extensive knowledge and experience (more than 5 years) in the following areas:  
  

Ø  General, wide breadth knowledge of cyber
security principles, best practices, concepts and technology;

Ø  Solid knowledge of cyber security, including
boundary protection, encryption, identity and access management, monitoring and
detection, incidence response, vulnerability assessments, and risk management;

Ø  Familiarity with system accreditation and
deployment of CIS;

Ø  Knowledge and experience in testing and
validating that contracted deliveries meet the security requirements and fulfil
the intended use-cases;

Ø  Familiarity with NATO security policy and
supporting directives is desirable

Ø  Familiarity with PILAR (tool for security risk
assessment) is desirable;

Ø  Familiarity with NGCS and its subsystems is
desirable,

Ø  Familiarity with NWSVTC and NSVoS is desirable;

•  Ability to work independently and in teams to
  achieve the desired goals.  
  
• The ability to take ownership of tasks and
  strong motivation to accomplish them to the end.  
  
• Excellent communications and writing skills in
  English.  
  
• Responsible
  for complying will all applicable local employment laws, in addition to
  following all NCIA on boarding procedures. Delivery of the service cannot begin
  until these requirements are fulfilled.