Description

The NATO Communications and Information Agency (NCIA) intends to issue a Request for Quotation (RFQ) to establish a Framework Agreement for the provision of Incident Response (IR) services and surge capacity. Under the Agreement, NCIA will engage qualified industry partners to provide NATO with immediate access to specialized expertise, advanced technologies, and scalable resources to effectively prepare for, manage, mitigate, and recover from cyber security incidents. Potential U.S. prime contractors must 1) maintain a professionally active facility (office, factory, laboratory, etc.) within the United States, 2) hold a Facility Security Clearance (FCL) at the level of SECRET or higher, 3) be pre-approved for participation in NATO Competitive Procurement (NCP), 4) be issued a Declaration of Eligibility (DOE) by the Department of Commerce (DOC), and 5) register with NCIA's eProcurement tool, Neo: https://www.ncia.nato.int/business/procurement/neo-eprocurement In addition, contractor personnel will be required to work unescorted in Class II Security areas. Therefore, access can only be permitted to cleared individuals. Only companies maintaining such cleared facilities and the appropriate personnel clearances will be able to perform the resulting contract. The reference for the RFQ is RFQ-CO-424362-IR and all correspondence concerning the RFQ should include this reference. DESCRIPTION OF REQUIREMENT The Framework will be divided into two Schedules to reflect the nature of the IR requirements of NCIA: Schedule A - IR Retainer: IR services will be procured via a prepaid retainer credit model. The retainer will cover 24/7/365 operational readiness and surge capacity for remote and on-site support. The IR Retainer credits will be managed through a Contractor-owned platform, providing an overview of available and spent credits, a top-up and carry-over mechanism, and monthly reporting. The IR Retainer will be renewed annually via Task Orders. Schedule B - On-Demand Cyber Security Services: NCIA will procure cyber security services for proactive and reactive incident handling from a non-exhaustive catalogue included in the SOW. The services will be procured on an as-needed basis and requested via Task Orders. Each Task Order shall define the scope, objectives, deliverables, required personnel and clearances, and place of performance for each requirement. The IDIQ Contractor(s) shall deliver both Schedule A and Schedule B services for the duration of the Framework Agreement, which is expected to be for a 3-year period. BECOMING ELIGIBLE TO BID NCP requires that the U.S. Government issue a DOE for potential U.S. prime contractors interested in this project. Before the U.S. Government can do so, however, the U.S. Government must approve the U.S. firm for participation in NCP. U.S. firms are approved for NCP on a facility-by-facility basis. The U.S. NCP application is a one-time application. The application requires supporting documentation in the form o…

Classification

Contacts