No attachments available.
NATO Business Opportunity: Provision of Incident Response Services and Surge Capacity
Contact and place of performance
Lee Ann Carpenter
BEL
The NATO Communications and Information Agency (NCIA) intends to issue a Request for Quotation (RFQ) to establish a Framework Agreement for the provision of Incident Response (IR) services and surge capacity. Under the Agreement, NCIA will engage qualified industry partners to provide NATO with immediate access to specialized expertise, advanced technologies, and scalable resources to effectively prepare for, manage,...
View moreThe reference for the RFQ is RFQ-CO-424362-IR and all correspondence concerning the RFQ should include this reference.
DESCRIPTION OF REQUIREMENT
The Framework will be divided into two Schedules to reflect the nature of the IR requirements of NCIA:
Schedule A - IR Retainer: IR services will be procured via a prepaid retainer credit model. The retainer will cover 24/7/365 operational readiness and surge capacity for remote and on-site support. The IR Retainer credits will be managed through a Contractor-owned platform, providing an overview of available and spent credits, a top-up and carry-over mechanism, and monthly reporting. The IR Retainer will be renewed annually via Task Orders.
Schedule B - On-Demand Cyber Security Services: NCIA will procure cyber security services for proactive and reactive incident handling from a non-exhaustive catalogue included in the SOW. The services will be procured on an as-needed basis and requested via Task Orders. Each Task Order shall define the scope, objectives, deliverables, required personnel and clearances, and place of performance for each requirement.
The IDIQ Contractor(s) shall deliver both Schedule A and Schedule B services for the duration of the Framework Agreement, which is expected to be for a 3-year period.
BECOMING ELIGIBLE TO BID
NCP requires that the U.S. Government issue a DOE for potential U.S. prime contractors interested in this project. Before the U.S. Government can do so, however, the U.S. Government must approve the U.S. firm for participation in NCP. U.S. firms are approved for NCP on a facility-by-facility basis.
The U.S. NCP application is a one-time application. The application requires supporting documentation in the form of 1) a company resume or capability statement indicating contracts completed as a prime contractor and 2) an annual report or set of financial documents indicating compilation, review, or audit by an independent CPA.
U.S. firms can download a copy of the U.S. NCP application from the following website:
https://www.bis.gov/about-bis/bis-leadership-and-offices/SIES/business-opportunities-nato
DOC is the U.S. Government agency that approves NCP applications. Please submit to the email address provided your application and supporting documentation (as attachments). If your firm is interested in a specific NCP project, please also include the following in the TEXT of your email:
- the title and/or solicitation number of the project
- the name/phone/email of the company employee who should receive the bid documents
After approval of your one-time NCP application, DOC will then know to follow up by issuing a DOE for the project. DOC will transmit the DOE to the NATO contracting agency.
IMPORTANT DATES:
Request a DOE (and, for firms new to NCP, submit the one-time NCP application): 04 June 2026
NCIA distributes the RFQ (planned): 30 June 2026
Bid Closing (anticipated): 15 August 2026
Contract Award (estimated): 15 November 2026
The Bureau of Industry and Security, on behalf of the NATO Communications and Information Agency (NCIA), has announced a business opportunity for the provision of Incident Response services and surge capacity under solicitation number RFQ-CO-424362-IR. This requirement seeks to establish a Framework Agreement with qualified industry partners to provide specialized expertise, advanced technologies, and scalable resources for managing and recovering from cybersecurity incidents. The agreement will be structured into two schedules: Schedule A for a prepaid retainer credit model providing 24/7/365 operational readiness, and Schedule B for on-demand proactive and reactive cybersecurity services. The anticipated duration for the Framework Agreement is three years, with performance primarily located in Belgium.
Potential U.S. prime contractors must maintain a professionally active facility in the United States and hold a Facility Security Clearance of Secret or higher, as personnel will work unescorted in Class II Security areas. Eligibility requires pre-approval for NATO Competitive Procurement (NCP) and the issuance of a Declaration of Eligibility (DOE) by the Department of Commerce. This opportunity is classified under NAICS 541519 for Other Computer Related Services and PSC R425 for Support- Professional: Engineering/Technical.
The deadline for firms to request a DOE and submit NCP applications is June 4, 2026. The NCIA plans to distribute the Request for Quotation on June 30, 2026, with an anticipated bid closing date of August 15, 2026. The estimated contract award date is November 15, 2026. Interested contractors must also register with the NCIA eProcurement tool, Neo, to participate in the solicitation process.
Generated by Lumen AI
Scoped analysis and attachments—go beyond the summary when you need detail from the solicitation package.