2023-0002 Mapping NATO Cyber Security roles to the NICE and SFIA framework (NS)
Deadline Date: Wednesday 18 January 2023
Requirement: NATO Contractor Support for Mapping NATO Cyber Security roles to the NICE and SFIA framework
Location: Off-Site
Full time on-site: No
NATO Grade: A/110000 EUR
Required Start Date: 15 February 2023
End Contract Date: 31 December 2023
Required Security Clearance: NATO SECRET
NATO Contractor Support for Mapping NATO Cybersecurity (CS) roles to the NICE and SFIA framework
Table of Contents
1. INTRODUCTION
2. SCOPE OF WORK
3. SCHEDULE AND PRACTICAL ARRANGEMENTS
4. REQUIRED PERSONNEL QUALIFICATIONS
1. INTRODUCTION
1.1 At present, there is no standardized way in NATO to describe Cybersecurity (CS) related roles, nor the Knowledge, Skills and Abilities that are required to perform each of these roles successfully.
The ambiguity in role descriptions makes it difficult to identify and communicate NATO’s workforce requirements for personnel filling and developing cybersecurity-related positions. In addition, the lack of a standardized terminology to describe NATO CS roles makes identifying and curating existing commercial training solutions for these roles a labor intensive as well as subjective task. Lastly, there is no agreed baseline to establish a minimum level of competency for each role, that could be fed in to specific Training Needs Analysis, which makes the development of new learning solutions and career paths for NATO Cyber CS roles challenging.
1.2 The NCI Academy aims to mitigate above challenges by mapping each CS related position in the NATO Command Structure to industry standards and frameworks, and by describing the Tasks, Knowledge, Skills and Abilities (KSA’s) that are associated with each role in a standardized terminology. Subsequently, this work includes referencing the standardized description of NATO CS roles to relevant NATO and commercial training courses, that can be added as an annex to NATO CS job descriptions (JDs).
1.3 The frameworks that will provide the foundation for this mapping exercise are:
• The Skills Framework for the Information Age (SFIA), and;
• The National Initiative for Cybersecurity Education framework (NICE).
As the SFIA framework describes ‘ICT roles’ in a more generic sense, and the NICE framework describes roles with a focus on Cyber security, the two models can be regarded as complementary. In this work, each NATO CS role will be analysed and the associated duties will be mapped to the corresponding task descriptions of the SFIA and/or NICE framework. The role specific matches will subsequently be fed in to and tracked by a central database.
2. SCOPE OF WORK
2.1 Activities overview
Building on the existing inventory of NATO CS roles (developed in 2022), the expert contractor team will carry out the specific tasks, per below:
2023 TASKS AND DELIVERABLES
Task ID 1: Implement the selected technical platform for the recording of all mapping results. Deliverables included in this task:
• Database in place in which all mapping results can be stored
• Reporting capability enabled in order to provide numerical and visual dashboards and reports
Task ID 2: Map Job Description (JD) duties to the SFIA framework. Deliverables included in this task:
• For each NATO CS JD in scope:
- Complete mapping of the respective duties to the SFIA framework
- Concrete recommendations articulated to existing NATO and commercial training programs
Task ID 3: Map JD duties to the NICE framework. Deliverables to be included in this task:
• For each NATO CS JD in scope:
- Complete mapping of the respective duties to the NICE framework
- Concrete recommendations articulated to existing NATO and commercial training programs
Task ID 4: Develop annex and visual overviews. Deliverables to be included in this task:
• For each NATO CS JD in scope: Annex and visual overviews developed to describe the SFIA/NICE mappings and training recommendations to NATO CS staff and their leaders
Task ID 5: Generate NATO-wide picture of CS role training requirements. Deliverables to be included in this task:
• Across all JDs: NATO-wide picture generated of the NATO CS roles, mapped to the associated NATO and commercial training offerings
.
Cost not to exceed 2023 (including travel): EUR 110,000 EUR
2.5 Roles and responsibilities
The development of training needs analysis will be conducted in close collaboration between the contractor and the NCI Academy, as described below, and will be based on the NATO standards (Ref A):
NCIA – NCI Academy:
- Managing Authority
- NCIA Project Management
- Cyber Training Lead
- Learning Design and Development (LDD) Lead
- Coordinator for NATO Cyber SMEs
Contractor:
- Conduct analysis and mapping of all NATO CS roles to SFIA and NICE framework
3. SCHEDULE AND PRACTICAL ARRANGEMENTS
This is a deliverable based contract (completion type)
3.2 The work shall be conducted offsite (e.g. at the Contractor’s premises), with occasional travel to the Purchaser’s site in Oeiras (Portugal) (up to 1 trip) and to NATO offices in Brussels/Mons (Belgium, up to 1 trip) or The Hague (Netherlands, up to one trip), if needed. Any travel under this Contract requires the prior coordination with and approval of the NCIA Project Manager.
3.3 All travel and per diem costs shall be included in the Firm Fixed Price of this Contract, together with cost of lodging and subsistence costs for all individuals. There shall be no separate re-imbursement for travel and accommodation.
3.4 The work under Task ID #1 (Table 2.1) shall be completed and the final report delivered to NCI Agency in a timely manner to achieve NCI Agency acceptance of the work no later than 15 December 2023.
3.5 The Purchaser’s representative for acceptance of deliverables under this Contract is the Branch Head Learning Design and Development in the NCI Academy.
3.6 Coordination and progress checks shall be conducted at least once per month during the period of performance with metrics reporting the work completed and work remaining, and during final report phase. These periodic checks can be accomplished remotely as required.
3.7 Schedule of payments.
An invoice shall be submitted and payment will be made after Purchaser’s written acceptance of the Delivery Acceptance Sheet (DAS) (Annex B) – based on the requirements described in this SOW - of the following deliverable:
Deliverable 1: Database in place in which all mapping results can be stored, analysed and reported on
Delivery Date: 28 May 2023
Amount (in % of total budget): 15%
Deliverable 2: Mapping completed of the respective NATO CS roles to the SFIA framework
Delivery Date: 28 May 2023
Amount (in % of total budget): 15%
Deliverable 3: Mapping completed of the respective NATO CS roles to the NICE framework
Delivery Date: 28 June 2023
Amount (in % of total budget): 15%
Deliverable 4: Mapping completed of the SFIA framework to recommended NATO and commercial training programs
Delivery Date: 28 June 2023
Amount (in % of total budget): 15%
Deliverable 5: Mapping completed of the NICE Work Roles to recommended NATO and commercial training programs
Delivery Date: 28 July 2023
Amount (in % of total budget): 15%
Deliverable 6: For each NATO CS JD in scope: Annex and visual overviews developed to describe the SFIA/NICE mappings and training recommendations to NATO CS staff and their leaders
Delivery Date: 4 December 2023
Amount (in % of total budget): 15%
Deliverable 7: Across all JDs: NATO-wide picture generated of the NATO CS roles, mapped to the associated NATO and commercial training offerings
Delivery Date: 4 December 2023
Amount (in % of total budget): 10%
An invoice to include the duly signed DAS shall be submitted to the Purchaser for payment in accordance with the Contractual Terms and Conditions.
Requirements
4. REQUIRED PERSONNEL QUALIFICATIONS
4.1 Contractor Mapping activities – MANDATORY Requirements
The contractor should have the following experience:
- The candidate must have a currently active NATO SECRET security clearance
- Knowledge of / practical user experience with Cybersecurity
- Experience with the NICE and SFIA framework
- Experience with an NATO Enterprise wide mapping of NATO Cybersecurity job roles to the NICE and/or SFIA frameworks and/or related training offerings
- Experience with working in an international environment comprising both military and civilian elements
- Experience with working in/with NCI Agency and NATO
- Experience with technical platforms to support competency based talent management / job role mapping (e.g. Lexonis)
- Strong project management skills.
Language Proficiency:
- Level 3 English language skills according to NATO STANAG 6001: Listening (3); Speaking (2); Reading (3); and Writing (2) or according to Common European Framework of Reference for Language level B2-C1/Upper Intermediate-Advanced level).