Cryptographic situational awareness capability (CSAC)

Description

This is a notification of an international competitive bidding to procure and sustain cryptographic situational awareness capability (CSAC).

CSAC is needed to support cryptography-related business and information management processes within NATO.

The formal invitation for bid (IFB) is expected in Q2 2022. The contract award is expected no later than Q1 2023.

Firms from all 30 NATO Member Nations may respond to future solicitation once issued.

Firms that wish to participate in this procurement must be nominated to the NCI Agency through their national delegation to NATO.

Such nomination must be accompanied by:

- a “Declaration of Eligibility” (DoE)
- certification of their security clearances executed by their national authorities

Direct requests for participation will not be considered.

A DoE will be submitted on your behalf after you respond to this export opportunity.

Your DoE should include the following information for each of the nominated companies:

- company name and address
- point of contact with a telephone number and email address

If successful, you will be required to handle and store classified information up to the level of 'NATO RESTRICTED'.

Contractor personnel may be required to work unescorted in Class II (2) security areas. Therefore, access can only be given to cleared individuals.

Only companies maintaining such cleared facilities and the appropriate personnel clearances will be able to perform the resulting CSAC contract.

Summary of the requirements

1. Description of project background

1.1. Cryptographic services protect information at strategic to tactical levels of operations, in static and deployed environments, and are implemented through hardware and software products. It is paramount for NATO to know precisely its cryptographic capability’s operational state and that it is maintained to its fullest operational potential.

1.2. To meet this intent, NATO currently leverages two authoritative data sources (ADS), the Communications Security (COMSEC) Accounting, Reporting and Distribution System (CARDS) and the NATO Information Assurance Product Catalogue (NIAPC). There is typically a manual correlation between the two ADS with additional inputs to produce ad-hoc COMSEC reports. This contract will provide the capability to enhance the effectiveness and efficiency of stakeholders to track, update, query and report on operational COMSEC status.

1.3. Although there are a variety of operational staff user entities, the CIS platform that is delivered by this project is to be deployed within the standard NCI Agency data centre environment and maintained at the technical level by NCI Agency staff.
1.4. As per NATO acquisition rules, NATO seeks to expand availability of the opportunity through an International Competitive Bid.

2. Description of Project Scope

2.1. The principal output of the Cryptographic Situational Awareness Capability (CSAC) will be a logical dataset, the “Allied Cryptographic Repository” (ACR). The composition of the CSAC will reflect the maturity of the Alliance’s data gathering capability and shall therefore exploit the ACR and provide dashboards and reports on the following topics:
a) Cryptographic items (devices, software, personalities, keys, algorithms), including dashboards and detailed reports on their inventory (by network/operation), effectiveness, efficiency and life-expectancy;
b) Products that are or may become available for NATO usage including approval status;
c) Issues and risks (and related mitigation plans) connected with any cryptographic item in use or combination of thereof;
d) Crypto management decisions and actions, along with issue owners, actioners and deadlines;
e) Crypto device interoperability matrix; and
f) Impact analysis of planned or actual non-availability of cryptographic items and mitigation options based on availability of alternative cryptographic solutions.

2.2. The scope of work supplied in this contract shall include:
a) The establishment of an appropriate Information Management Application, called the Cryptographic Situational Awareness Tool (CSAT), that will interface with relevant authoritative data sources;
b) The development of the solution according to a pre-agreed project methodology;
c) The conduct of the testing, providing supporting evidence that the solution meets the requirements;
d) O&M years 1 through 5 exercisable at the discretion of the Host Nation;
e) System documentation
• E.g. Configuration details, Support plans, Support Resource estimates
f) Training material preparation and conduncting classroom and online sessions based on the need to ensure that the service can be sustained after the delivery of the project. This shall include:
• Technical level training on the Operating system if the chosen solution deviates from standard NATO CIS Operating Systems
• Technical level training to expert level on the vendors provisioned solution to allow NATO personnel to maintain the service
• Operating level training to allow NATO personnel to operate the vendors provisioned solution
• As well as a demand driven online training module through the use of commercial cloud services.

3. Description of Operational/Functional Requirements

3.1. Data entry and manipulation interfaces including import and export from database tables and generation of local copies to be distributed to users without direct access to the CSAC.

3.2. Detailed access controls to map authorization of individual users to allow tailored user identification and authentication.

3.3. Flexible modification and configuration of the data model.

3.4. Availability of standard (pre-configured) and customizable queries, views and reports.

3.5. Process to tracking risks, issues, actions and management decisions including notification to the stakeholders about assigned tasks and actions.

3.6. Document storage that allows to store internal to CSAC and linking to documents both internally and externally.

3.7. Provides product catalogue including products that are approved or under assessment, and details their current or planned usage (e.g. network, systems, operations, etc.).

4. Implementation Strategy

4.1. To the greatest extent possible, the Contractor will design the solution leveraging existing applications on the Approved Fielded Product List (AFPL). An overall architecture will be proposed by the Contractor and agreed with the NCI Agency.

4.2. The solution will be designed by the Contractor and will be subject to intermediate reporting and a Factory Acceptance Test (FAT), before being accepted by the NCI Agency for implementation.

4.3. The capability will be installed and hosted on existing Core Enterprises Services virtual platform infrastructure.

4.4. Vulnerability testing and any remediation will be carried out as part of the Change Management process.

4.5. The solution will be procured and maintained by NATO as per a NATO Owned / NATO Operated (NONO) scenario.

4.6. Contractor’s internal Life Cycle Management (LCM) process and system will be required to comply with STANAG 4728 “System Life Cycle Management (SLCM)”.

Opportunity closing date

28 January 2022

Value of contract

£1m-5m

The buyer is happy to talk to

manufacturers, wholesalers, distributors, agents, consultants