Job Specifications
Deadline Date: Thursday 3 April 2025
Requirement: Active Directory Security Assessment Data Analysis and Reporting
Location: Mons, BE
Full Time On-Site: Yes
Time On-Site: 100%
Period of Performance: 2025 BASE: As soon as possible but not later than 12 May 2025 until 31 December 2025.
2026 OPTION: 1 January 2026 until 31 December 2026
Required Security Clearance: NATO SECRET
PURPOSE
The objective of this statement of work (SoW) is to outline the scope of work and deliverables for the data analysis and reporting of data reported by Active Directory Security Assessment Tool to be conducted by the selected company.
The purpose of the work package is to provide support to NATO Cyber Security Centre (NCSC) to fulfil identified Active Directory Security Assessment Tool data analysis and reporting activities more effectively.
BACKGROUND
The Office of the CIO (OCIO) Enterprise Cyber Security Posture Improvement project focuses on acquisition and implementation of state-of-art tools to enhance Enterprise-wide cybersecurity capabilities considering the key cybersecurity functions.
NCIA initiated a project and procured Active Directory Security Assessment Tool (Tenable Identity Exposure) providing identity unification and risk scoring, real‑time attack detection and continually assessing directory services security in real‑time, eliminate attack paths that lead to domain domination, and investigate and inform.
To support NCSC for the execution of tasks identified in the subject work package of the project, the NCIA is looking for subject matter expertise in the delivery of complex, foundational and novel Cybersecurity capability.
This contract is to provide consistent support on a deliverable-based (completion-type) contract, to NCSC contributing to its POW based on the deliverables that are described in the scope of work below.
SCOPE OF WORK
The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of Active Directory Security Assessment Tool with a deliverable-based contract to be executed in 2025.
This task includes data analysis and reporting of data reported by the Active Directory Security Assessment Tool. For the provision of consistent support and the execution of the task, NCIA will get subject matter expertise from the industry with a service (deliverable based/completion type) based AAS framework contract in the delivery of requested capability.
Active Directory data analysis and reporting give visibility and insight on the networks into Active Directory environment, which in turn is critical to effective Active Directory management, strong security and compliance, and efficient migrations and consolidations. Effective Active Directory data analysis and reporting will also ensure NATO to monitor Active Directory users and groups including permission levels, inactive users/accounts and group policy settings, user entitlements, user activities, event trends, suspicious patterns, etc.
More broadly, NATO needs to be able to monitor the configuration of its domain controllers in order to prevent exploitation by malicious threat actors.
Under the direction / guidance of the NCSC Point of Contact, a contractor will be the part of the NCSC Team supporting the following activities:
Ensuring data accuracy and up-to-date data for Active Directory (AD) Security issues:
Ensure accurate and up-to-date AD data is collected from the different Domains in scope,
Security baselines are configured based on industry best practice and NATO policies,
Review existing policies, fine tune and improve them at the same time,
Report to the Tool Managers any technical issues, such as connectivity problems between Tenable Identity Exposure and other integrated systems or errors in scans or reports,
Follow up the new releasing of the security solutions to consider the implementation of new features or capabilities
Monitoring, analysing the collected data, prioritizing based on risk assessment for Active Directory (AD) Security issues:
Monitor the solution daily
Identify the potential security issues
Ensure that the collected data is analysed
Prioritize the remediation actions based on the previous point
Reporting Active Directory (AD) Security issues:
Critical vulnerabilities will be reported within 4 hours since identified
High vulnerabilities will be reported within 8 hours since identified
Deliver a comprehensive vulnerability report to each stakeholder under you area of responsibility taking into account all vulnerabilities posing a security risk, remediation actions recommended to the system/application owners and the status of the recommended actions. The weekly report is expected to be delivered each Wednesday/Thursday before Close of Business
Ensure that the reported information is also available via PowerBI dashboard (or similar)
Report to the corresponding AD management teams the prioritized remediation actions based on the analysis done on point 2.c/2.d)
Record the defined KPIs to follow up the trend of AD Security issues
Remediation actions for Active Directory (AD) Security issues:
Follow up and verify that the reported security issues have been remediated
Follow the escalation process in case the reported security issues have not been fixed
Documentation:
Document configuration and changes: Keep up-to-date documentation of all configurations, baselines, troubleshooting procedures,
Keep a lessons learnt document
User access Management:
Review the list of users with access to the security solution,
Verify that only the required users have access to the solution,
Coordinate with the Tool Managers any issue with the User access management
Automation and Scripting
Improve processes efficiency: Identify areas where automation could reduce manual intervention and improve operational efficiency
The measurement of execution for this work is sprints, with each sprint planned for a duration of 1 week.
DELIVERABLES AND PAYMENT MILESTONES
The following deliverables are expected from the work on this SoW in 2025:
Deliverable: 30 sprints to support Active Directory Security Assessment Data Analysis and Reporting as per described in Para 3
Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) - (Annex B), signed for acceptance by the Purchaser's authorized point of contact and the Contractor
Number of sprints is calculated considering a starting date 12 May 2025. This will be adjusted based on actual starting date.
The Purchaser (NCIA) reserves the right to exercise a number of options of one or more sprints based on the same deliverables, at a later time, depending on the project priorities and requirements, at the same cost.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) - (Annex B).
Invoices shall be accompanied with a Delivery A...
About the Company
EMW was founded in 1995 by engineers and managers who formerly held senior positions in well known telecommunications and information technology companies to pursue their vision for this new company.
Our core business is providing information and communication technology services in the areas of planning, engineering and implementation; project and program management; systems integration; operations and maintenance; and training. Our competencies range over all aspects of inside and outside plant; feeder, access and inter-o...
Know more