2024-0098 NATO CS Role Mapping (NS) – MON 20 May

  • Anywhere

Deadline Date: Monday 20 May 2024

Requirement: NATO Contractor Support for Completion and consolidation of NATO Cybersecurity role mapping to SFIA and NICE framework

Location: Off-Site

Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)”. Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs

Required Start Date: 17 June 2024

End Contract Date: 1 December 2024

Required Security Clearance: NATO SECRET

1. INTRODUCTION

1.1 At present, NATO has no standardized way to describe Cybersecurity (CS) related roles, nor the Knowledge, Skills and Abilities that are required to perform each of these roles successfully.

The ambiguity in role descriptions makes it difficult to identify and communicate NATO’s workforce requirements for personnel filling and develop cybersecurity-related positions. In addition, the lack of a standardized terminology to describe NATO CS roles makes identifying and curating existing commercial training solutions for these roles a labor intensive as well as subjective task. Lastly, there is no agreed baseline to establish a minimum level of competency for each role, that could be fed in to specific Training Needs Analysis, which makes the development of new learning solutions and career paths for NATO Cyber CS roles challenging.

1.2 The NCI Academy aims to mitigate above challenges by mapping each NATO Command Structure CS related position to industry standards and frameworks and describing the Tasks, Knowledge, Skills and Abilities (KSA’s) associated with each role in a standardized terminology. Subsequently, this work includes referencing the standardized description of NATO CS roles to relevant NATO and commercial training courses, that can be added as annexes to NATO CS job descriptions (JDs).

1.3 The frameworks that will provide the foundation for this mapping exercise are:

• The Skills Framework for the Information Age (SFIA), and;

• The National Initiative for Cybersecurity Education framework (NICE).

As the SFIA framework describes ‘ICT roles’ in a more generic sense, and the NICE framework describes roles with a focus on Cyber security, the two models can be regarded as complementary. In this work, each NATO CS role will be analysed and the associated duties will be mapped to the corresponding task descriptions of the SFIA and/or NICE framework. The role specific matches will subsequently be fed in to and tracked by a central database.

2. SCOPE OF WORK

2.1 Activities overview

Building on the existing mapping of NATO CS roles (conducted in 2023), the expert contractor team will carry out the specific tasks, per table 2-1 below:

Task 1: • Add the remaining mappings not completed in 2023: NSPA and remaining ACO/NCIA for approximately 100 NATO Job descriptions.

• The mappings will be in the same format as the 2023 mappings, and will include:

o A mapping of NATO JD duties to SFIA/NICE framework

o Concrete recommendations about which existing NATO and commercial training programs are relevant for the various NATO roles

o Engaging visual overviews to describe the SFIA/NICE mappings and training recommendations to NATO CS staff and their leaders

Task 2: • Consolidate the mappings of NATO CS roles to the SFIA/NICE framework that were conducted in 2023, and engage with the respective NATO entities (NATO entities with CS roles for which a mapping has been done to the SFIA/NICE framework in 2023: NATO Headquarters: Office of the Chief Information Officer (OCIO) and the Joint Intelligence and Security Division (JISD); SHAPE: J22, J2X, J6, and the NATO Cyber Operations Center (CyOC); NATO Communications and Information Systems Group (NCISG); NATO Communications and Information Agency (NCI Agency)). For each entity:

o Verify the mappings by comparing them to real-life on-the-job activities for each role

o Make an inventory of the current training offerings

o Update the mappings to new and evolving job descriptions

• Consolidate 2024 mappings of NATO CS roles to the SFIA/NICE framework (NSPA, remaining NCIA and ACO), and engage with the respective NATO entities. For each entity:

o Verify the mapping by comparing them to real-life on-the-job activities for each role

o Make an inventory of the current training offerings

o Update the mapping to new and evolving job descriptions

• After consolidation, develop a report that describes all mappings, and that includes:

o a verified mapping of NATO JD duties to SFIA/NICE framework

o concrete recommendations about which existing NATO and commercial training programs are relevant for the various NATO roles

o Engaging visual overviews to describe the SFIA/NICE mappings and training recommendations to NATO CS staff and their leaders

Task 3: Support a feasibility study to determine the long term strategy for hosting mappings (industry platform versus existing NATO platforms)

Task 4: Support the uploading of all mappings to a selected NATO platform

2.2 Roles and responsibilities

The completion and consolidation of mapping activities will be conducted in close collaboration between the contractor and the NCI Academy, as described below.

NCIA – NCI Academy: Managing Authority; NCIA Project Management; Cyber Training Lead; Learning Design and Development (LDD) Lead; Coordinator for NATO Cyber SMEs

Contractor: Complete and consolidate mapping of NATO CS roles to SFIA and NICE framework

3. SCHEDULE AND PRACTICAL ARRANGEMENTS

This is a deliverable based contract (completion type)

3.2 The work shall be conducted offsite (e.g. at the Contractor’s premises), with occasional travel if needed, to NATO offices in Brussels/Mons (Belgium, up to one trip) or The Hague (Netherlands, up to one trip). Any travel under this Contract requires the prior coordination with and approval of the NCIA Project Manager.

3.3 All travel and per diem costs shall be included in the Firm Fixed Price of this Contract, together with cost of lodging and subsistence costs for all individuals. There shall be no separate re-imbursement for travel and accommodation.

3.4 The work under Task ID #1 – # 4 (Table 2.1) shall be completed and the final report delivered to NCI Agency in a timely manner to achieve NCI Agency acceptance of the work no later than 1 December 2024.

3.5 The Purchaser’s representative for acceptance of deliverables under this Contract is the Branch Head Learning Design and Development in the NCI Academy.

3.6 Coordination and progress checks shall be conducted at least once per month during the period of performance with metrics reporting the work completed and work remaining, and during final report phase. These periodic checks can be accomplished remotely as equired.

3.7 Schedule of payments. An invoice shall be submitted and payment will be made after Purchaser’s written acceptance of the Delivery Acceptance Sheet (DAS) (Annex B) – based on the requirements described in this SOW – of the following deliverables:

Deliverable 1: Mapping completed of the remaining NATO CS roles to the NICE and SFIA framework (NSPA + remaining ACO entities), including training recommendations and visual overviews

Delivery Date: 1 July 2024

Amount (in % of total budget): 25%

Deliverable 2: Consolidation of 50% of the available NATO CS role mappings

Delivery Date: 15 September 2024

Amount (in % of total budget): 25%

Deliverable 3: Consolidation of 100% of the available NATO CS role mappings (as conducted in the 2023 project)

Delivery Date: 15 October 2024

Amount (in % of total budget): 25%

Deliverable 4: Support to the implementation of all mappings to a NATO approved platform

Delivery Date: 1 December 2024

Amount (in % of total budget): 25%

An invoice to include the duly signed DAS shall be submitted to the Purchaser for payment in accordance with the Contractual Terms and Conditions.

4. REQUIRED PERSONNEL QUALIFICATIONS

[See Requirements]

Requirements

4. REQUIRED PERSONNEL QUALIFICATIONS

4.1 Contractor Mapping activities – MANDATORY Requirements

The contractor should have the following experience:

  • The candidate must have a currently active NATO SECRET security clearance
  • Knowledge of / practical user experience with Cybersecurity
  • Experience with the NICE and SFIA framework
  • Experience with mapping NATO specific Cybersecurity job roles to the NICE and/or SFIA frameworks and/or related training offerings
  • Experience with working in an international environment comprising both military and civilian elements
  • Experience with working in/with NCI Agency and NATO
  • Experience with technical platforms to support competency based talent management / job role mapping (e.g. Lexonis)
  • Strong project management skills.

Language Proficiency:

  • Level 3 English language skills according to NATO STANAG 6001: Listening (3); Speaking (2); Reading (3); and Writing (2) or according to Common European Framework of Reference for Language level B2-C1/Upper Intermediate-Advanced level).