Services.

NATO Communication and Information Agency’s Cyber Security Service Line provides services across a broad spectrum of:

  • CIS Security
  • Cyber Defence
  • Information Assurance
  • COMPUSEC
  • COMSEC

For enquiries about engaging our services, please contact NCI Agency Demand Management.

NCI Agency Demand Management Customer Request Form

Service catalogue.

Catalogue Item

Main Service Group

Forensic Analysis

Provision of resources to perform online (OCF) and stand-alone (SCF) computer forensics analysis.

NCIRC TC RRT

To provide resources, knowledge and coordination to support the deployment of the NCIRC Rapid Reaction Team.

Cyber Security Incident Management

COMSEC/COMPUSEC Incident / Violation / Insecurity Investigation.
The provision of a centralised Incident Handling and Response capability to enable an effective and efficient response to immediately contain a detected and/or reported Incident. This can include, but is not limited to: Incident Triage, Event Correlation, Incident Handling & Response, Alerting, Reporting, and Assisting with Recovery and Incident analysis. Monitoring, evaluating and recovering from COMSEC incidents, violations and insecurities.

Internet Facing E-Mail Content Monitoring

The provision of the ability to check all Inbound/Outbound Internet e-mail to ensure compliance with NATO and applicable local Security Policies; such checks include malicious code, executable content, encrypted content, SPAM, and Classified Data content. Outbound e-mail can be monitored either centrally by the NCIRC TC, or locally by appropriate IA Staff.

Internet Web Site Monitoring

The ability to centrally monitor customer's Internet-facing Web Sites for unauthorised changes and to take appropriate reporting/remedial actions.

Host and Network Intrusion Detection & Prevention Monitoring

Host Intrusion Detection & Prevention Monitoring: 
The provision of centrally managed and monitored Host-based Intrusion Detection & Prevention technologies to detect, log, report, and stop/block malicious activity against critical infrastructure assets.

Network Intrusion Detection & Prevention Monitoring: 
The provision of centrally managed and monitored Network-based technologies:
Intrusion Detection Systems (IDS) – will detect, log, and report network-based malicious activity.
Intrusion Prevention Systems (IPS) – as for IDS with the additional function of the ability to attempt to stop/block detected activity.

Gateway Security Services – Data Diodes, Firewalls, Guard Services, Mailguard and VPN Services.

Gateway Security Services provide a secure interconnection of different networks or network sections in order to protect an organization’s key information. Includes Data Diodes, Firewalls, Guard, Mailguard and VPN Sub-Services.

Gateway Security VPN Services feature:
- Central management and configuration of VPN Gateways
- Provisioning of centrally managed VPN Gateways
- Monitoring, updating and patching of centrally managed VPN Gateways
- Client-to-Site VPN
- Site-to-Site VPN
- Configuration Backup
- Disaster Recovery Services
- Log forwarding to archiving and/or forensic systems
- Back-reporting of system health issues

Gateway Security – Mailguard Services include:
- Central management and configuration of Mailguard
- Provisioning of centrally managed Mailguard
- Monitoring, updating and patching of centrally managed Mailguard
- Configuration Backup
- Disaster Recovery Services
- Log forwarding to archiving and/or forensic systems
- Back-reporting of system health issues
- End-user support to identify mail rejection issues

Gateway Security – Firewall Services include:
- Central management and configuration of Firewalls
- Provisioning of centrally managed firewalls
- Monitoring, updating and patching of centrally managed firewalls
- Configuration Backup
- Disaster Recovery Services
- Log forwarding to archiving and/or forensic systems
- Back-reporting of system health issues

Gateway Security Guard Services feature:
- Central management and configuration of XML-Guard Services
- Provisioning of centrally managed XML-Guards
- Monitoring, updating and patching of centrally managed XML-Guards

Gateway Security Data Diode Services feature:
- Central management and configuration of Data Diode Systems
- Provisioning of centrally managed Data Diode Systems
- Monitoring, updating and patching of centrally managed Data Diode Systems
- Configuration Backup
- Disaster Recovery Services
- Log forwarding to archiving and/or forensic systems
- Back-reporting of system health issues

Crypto Management and Logistic Support

Cryptographic Device Implementation
Installation of Cryptographic Devices within Alliance for Peer-2-Peer encryption. This includes all supporting activities necessary in advance and after installation to ensure installation and operation according to established NATO regulations. The types of crypto equipment include Voice, IP, Link, Trunk and Wideband. The supporting activities for this service include CIS System Management Support, Assistance to Accreditors, Site Surveys, Configuration documentation, and Help Desk Support.

Cryptographic Device Procurement Support

Advise on the design scope and planning for the procurement of NATO-approved cryptographic solutions, execute the procurement and potentially provide the related services: implementation, training and maintenance.

Operational Control of the Crypto Forward Support Points.
Provides Operational Control and Management of the Crypto Forward Support Points NATO-wide. Provision of timely replacement equipment and testing of faulty equipment prior to evacuation into the maintenance chain (NSPA/CSSC). 

Cryptographic Keying Material Distribution
The timely distribution of operational keying material and equipment to the end-user. 
Allocation of keys to service requests (SRTS).
Provision of Controlling Authority services for all operational (theatre) and most operational (non-theatre) physical and electronic keying material.

Centralised management of distributed Crypto IP equipment providing the encryption of classified data (up to CTS level).

CARDS, EKMS, NEKMS and DEKMS Services

Provision of resources to deliver the NATO wide accountability, receipt, transfer, supersession and destruction of cryptographic keying material and equipment. 
Maintenance of the CARDS Servers and authorisation for CARDS access to COMSEC custodians.
Provision of specialist advice on cryptographic equipment installation, configuration, keying, operation, troubleshooting and related technical or engineering issues.
Provision of helpdesk functions for DEKMS and NEKMS.

Provision of the main point of entry for DACAN Electronic Key Management System (DEKMS) into NATO.  Interface for DEKMS to NATO EKMS (NEKMS) for NATO wide distribution of crypto electronic keys (+50000 Keys/Year).

Security Certificate Services

Certificate Authority Services for NS/MS, NU/NR and NMS
A service used for the creation and issuance of digital certificates to end-users (both human and non-human). This service will be provided from a Registration Authority (RA). The RA will be the only interface to the NATO PKI system to create and issue digital certificates. The service provided also includes the revocation process. RAs will be installed locally to provide services to the end users, both human and non-human. Manpower to operate Registration Authorities situated outside of the NATO Command Structure is not included within this service line. Manpower to operate Registration Authorities for non-eligible entities or exceptional-eligible entities not co-located with an NCS site shall be provided by those external agencies or multinational entities.

Revocation services to NS/MS, NU/NR and NMS

CRL and OCSP services to NS/MS, NU/NR and NMS is a service used for providing a valid Certificate Revocation List and OCSP responses to end users, both human and non-human. The CRL provides a list of revoked certificates; this list is checked every time an end user uses digital certificates to establish a secure connection or to authenticate to a system. As soon as a certificate is on the CRL, the connection or authentication is denied. OCSP responses provide the validity of a single end entity, including the full chain, in response to a specific query. The OCSP and CRL services to the aforementioned networks are a vital and critical service. OCSP Services are planned to commence in 2015.

Lifecycle Management of Digital Certificates/Entities
Lifecycle Management of Digital Certificates / Entities is a service which contains the creation, issuance, management, maintenance, re-issuance, key recovery, revocation and deletion of a bona fide end-user (both human and non-human). The lifecycle management of digital certificates / entities also includes the partial management and maintenance of the meta directory on which the users are created.

Training of Registration Authority Personnel

Training of Registration Authority personnel is a service used for on the job training of Registration Authority Operators (RA Operators).
On the job training takes place after the local site has received an RA and the RA is configured and operational.

Data at Rest IA Services

Provision of NATO Off Line Crypto Equipment (NOLCE) keying Authority.  Distribution and keying of all NATO Offline systems (Eclypt, SIR, Flagstone, etc.).

Cyber Security OPCEN Help-Desk (Ext 6666)

Provision of a 24/7 presence of specialists to give advice on potential cyber security incidents (and appropriate escalations as required), cryptographic equipment installation, configuration, keying, operation, troubleshooting and related technical or engineering issues, production of user configuration data sheets and user documentation for IP encryption devices.

Cyber Security Support to Exercises

Provide CS SL exercise support activities to include duties as SPOC for exercise coordination, planning, resourcing and execution; exercise participation activities and exercise control activities.

Cyber Security Communications Service

Bulletins (inc NIMBL), portals and other communications with Cyber Security communities of interest.
Generation of reactive advisories to mitigate discovered vulnerabilities or to reduce the impact of newly emerged threats. Communication of specific, timely and authoritative guidance.


Cyber Defence Information: An extended service from the malware sharing MISP Platform. It covers any CD-relevant information (threats, vulnerabilities), which does not disclose details of any incidents.

Expertise in cyber information sharing utilising SharePoint technology.

On-Site Vulnerability Assessment (Level 1-4) and Remediation

Level 1 Assessment:
Provision of resources to carry out Level 1 On-Site Vulnerability Assessment of CIS infrastructures/systems to identify any vulnerabilities in Hardware, Software or configurations and to provide detailed reports.

The provision of a centrally managed capability to ensure that:
a. no data is stored classified higher than the Network is approved/accredited for
b. no classified data is transmitted without the appropriate encryption or approved physical protection
c. all information is labelled correctly with a human and machine readable security classification
d. CIS are configured securely based on NCIRC TC approved settings or, where these do not exist, following industry's best security practice.

Level 2 Assessment:
In addition to a Level 1 Assessment:

Provide resources to carry out Audit and Compliance checks on NATO CIS, to ensure compliance with NATO Policies, Directives and Guidance documents including NCIRC TC Security Guidance and Caveats to approved CCPs:
1. Inventory of all connected devices
2. Inventory of authorized and unauthorized software
3. Inventory of patch and update status of all installed software and operating systems
4. Secure configurations for hardware and software on workstations and servers
5. Malware defences
6. Secure configurations for locally managed network devices
7. Controlled use of administrative privileges
8. Controlled access based on the need to know principle
9. Data loss prevention
10. Locally managed boundary defence.

Level 3 Assessment:
To evaluate the security of computer systems or networks by simulating an attack from malicious outsiders or insiders and to provide detailed reports.

Level 4 Assessment:
To carry out Level 4 Vulnerability Assessments to evaluate the security of computer systems or networks by simulating an attack from malicious outsiders or insiders with no notice other than unit commander and security officer and to provide detailed

Remediation.
Processing 30 day follow up sheet replies. Advising on mitigation techniques, escalating issues and closing vulnerabilities at sites.

Online Vulnerability Assessment and Remediation

Provision of Enterprise On-Line Vulnerability Assessment resources to carry out continuous and dynamic evaluations / audits of CIS infrastructures/systems to identify any vulnerabilities in Software or configurations and to provide detailed reports:
1. Inventory of all connected devices
2. Inventory of authorized and unauthorized software (limited functionality)
3. Inventory of patch and update status of all installed software and operating systems (limited functionality)
4. Secure configurations for hardware and software on workstations and servers (limited functionality)
5. Malware defences (limited functionality)
6. Secure configurations for locally managed network devices (limited functionality)

Remediation: Processing 30 day follow up sheet replies. Advising on mitigation techniques, escalating issues and closing vulnerabilities at sites.

Website Assessment

Provision of resources to assess NATO Internet facing Web sites for security mis-configuration, vulnerabilities and bad coding practices.

Limited Technical Security Inspections

Provision of Limited Technical Security Inspection at locations utilising:
• Radio Frequency sweep;
• Thermal Imaging sweep;
• Detailed Physical search,
to identify security compromises.

Crypto Compliance Support

Crypto Logistic Support and Maintenance Inspections:
Provision of formal inspection of all organisations storing, operating or maintaining NATO funded cryptographic equipment in order to ensure that the procedures and practices of cryptographic logistic support, installation and maintenance are compliant with established Directives.

Crypto Installation, Site Surveys and Inspections:

Provision of inspections and/or advisory visits on cryptographic installations in order to ensure compliance with installation Directives, to include installations and site surveys.

COMSEC Account Inspections:
The formal inspection of all NATO COMSEC Accounts in order to ensure that the procedures and practices of COMSEC account custodianship are in accordance with established Directives.

TRANSEC Vulnerability Assessment and Awareness

TRANSEC Vulnerability Assessment:  Provision of real time monitoring of an organisation's non secure communications (GSM, analogue, digital and VoIP), with the purpose of presenting realistic and effective countermeasures to limit the disclosure of intelligence information to unauthorised personnel/agencies.

TRANSEC Awareness: Delivery of awareness training/briefings to include IA OPSEC/TRANSEC Awareness.

TEMPEST/ EMSEC Assessments

TEMPEST Facility Zoning:
Provision of electronic evaluation of NATO Facilities and Buildings where NATO Classified information is processed in order to determine their Facility Zone Rating.  Including advice to local IA staff on TEMPEST issues.

EMSEC Vulnerability Assessments:
Provision of Vulnerability Assessments within a Zoned Facility.
The service includes advice to local IA staff on TEMPEST issues.

Equipment TEMPEST Level Testing:
Provision of Equipment TEMPEST Level Testing and TEMPEST management/lead of the four NCIA TEMPEST test labs.

Cyber Security Awareness, Outreach and Visits Coordination

Staffs, Coordinates and Maintains a programme of visits (both in and out of the SL) in order to support CS SL development and, where appropriate, broader NATO Cyber Security aims. Encourages liaison and information sharing through outreach programmes and distribution of regular Cyber Security reporting, including Vulnerability Assessments and Cyber Sitreps.  Planning, coordination and execution of multi Branch CS SL level visits and provision of advice to Branch level visits, as required.  Liaison with SHAPE to facilitate appropriate security pass provision for visitors. Outreach, including through Cyber Sitreps, briefings, portals and other information campaign activities.

Service Level Management

Management of the CS SL contribution to NCIA Customer and Service Catalogues.  Acting as a source of expertise and single point of entry for CS SL Service Level Management activities including catalogue and SLA reviews, including providing expertise in the formation of metrics and KPIs.

Business Continuity Planning Cyber Security Consultancy

Create and contribute to contingency plans for the continued operation of a CIS when a disaster or other serious incident occurs.

Cyber Security Design Services

Design CISs that are able to adapt to changing conditions in order to accomplish appropriate levels of CIS Security. Incorporates Vulnerability Assessment services as required. Adopt or develop CIS Security designs that can be implemented efficiently and that fulfil CIS Security requirements. Derive adequate CIS Security requirements and measures for systems or networks by valuating assets in the presence of a known threat environment and vulnerabilities. It includes the analysis of the security risk induced by the implementation of a new capability, a change to an existing one or systems that are delivered and are about to go operational. May include provisioning of Value analysis (potentially offered separately). Value analysis comprises the identification and estimation of the value to the business or mission of information processed, stored, or transmitted by the CIS, the services provided by the CIS, and the CIS itself. May include the conduct of dedicated Vulnerability Analysis to determine the susceptibility of computer systems, networks, or technologies to support Capability Development.

Pre-production Security analysis
Analyse deliverables such as Internet facing Web sites for security mis-configuration, vulnerabilities and bad coding practices.

Cyber Security Configuration Support

Provision of security configuration settings for in-use and future NATO Approved CIS Applications software and Networking devices and Operating Systems software.  Provision of configuration guidance for the securing of Boundary Protection devices, to include the approval of information flows over those devices as part of the configuration change process or firewall rule base change request process.

CIS Protection Support

Provision of guidance for the implementation, configuration and management of NATO Enterprise-wide endpoint security software.

CIS Project Cyber Security Research and Consultancy

Cyber Security Consultancy
Consultancy on security aspects of implementation, configuration, management and support of NATO CIS software, systems and devices.

Research CIS Security
Systematically investigate areas related to CIS Security in order to establish new technologies and approaches that can improve CIS Security.

CIS Security Data Mining and Business Intelligence

Provision of non real-time, non-investigation-related CIS Security Data Analysis for strategic trend projection. This includes business development screening of existing services for possible expansion.

CIS Components and Supply Chain Trustworthiness Analysis


CIS component Cyber Security
Analyse and evaluate the extent to which one can rely on a CIS component, be it hardware, software, or both, to function as intended. The assessment can be made through either a set of assurance techniques or less rigorous means.

Supply Chain Cyber Security

Plan for, collect information about, assess, and handle the level of trust that can be placed in the components of a CIS based on the supply of sub-components, manufacturing, and logistics.

Cyber Security Project Management

Conduct and management of projects and programmes according to PRINCE2 methodology. This service includes the definition of acquisition requirements and contracting strategy, followed by a competitive outsourcing to industry from the 28 NATO nations. It includes as well partnering with industry to ensure that the latest, state-of-the-art technology is implemented in a coherent and cost-effective way.

Cyber Risk Assessment Services

Risk Communication & Education
Educate all relevant stakeholders to understand the risk associated with using the CIS for the objectives currently being undertaken.

Coordination in Security Risk Assessment Working Groups
Support, lead, or coordinate Security Risk Assessment Working Groups for NATO programmes or projects. This includes leading or coordinating the meetings and ex-committee work, providing advice regarding security risk assessment and risk management process, and supporting the conduct of SRA by the Group.
Specifically for the NATO Security Risk Assessment Group (NSRAG) this service entails the review and approval (in coordination with SAAs) of the specification of risk assessment/management tools used for NATO CIS (e.g. NATO profile for PILAR), the development and maintenance of generic security risk assessment for NATO CIS scenarios as well as support of NOS and the Security Committee in IA format in the review / development of NATO documents addressing security risk assessment / management and provision of support to NSAB.

Cyber Security Architecture Services

Definition of security focussed mission and NCI Agency enterprise objectives, expectations, and responsibilities.
Review of overarching (high level) architectures and target architectures ensuring compliance to NATO Security Policies and architectural coherence among projects and systems.
Support to establish this strategic direction is provided as requested and coordinated by SSTRAT.

Security Architecture (Adoption)

Provide adequate organization of CIS security requirements into a security architecture for any CIS system in order to ensure efficient usage of security resources that is aligned with high-level direction and guidance. This entails the CS support on overarching, reference, and target architecture for every introduced NATO capability.

Cyber Security Policy Support

Support the development and maintenance of technical NATO Directive and Guidance documents, and review of Cyber Security/Information Assurance/Cyber Defence related documentation. This covers both documentation through the NOS Roadmap as well as any supporting documents in NATO’s regulatory security framework.  Support to NATO Policies' and high-level Directives' Development. This includes NATO Security Policy, NATO Information Management, NATO Cyber Defence Policy and all applicable Enclosures.

Cyber Security Education and Training Support Services

Provide guidance on technical and policy aspects of Cyber Security Education and Training.

Security Accreditation Support Services

Security Accreditation Preparation and Documentation (New Systems)
Extracting and formatting from the results of the Security Design to the Security Accreditation Templates and other supporting documentation such as Security Risk Assessment (SRA), System-specific Security Requirements Statements (SSRS), and SecOPs. Serves as first Point-of-Contact for Accreditation of new systems.

CIS Security Conformity Support

Support towards formal attestation that the prescribed security measures are in place. This ensures that new or modified security services meet the security expectations of the customer as well as the requirements of the NATO Security policy and supporting Directives before being deployed and activated.

Security Accreditation Support (In-service systems).

Comprehensive coordination with the NATO CIS Security Accreditation Board (NSAB) or any applicable Security Accreditation Authority (SAA). Guidance and support on security accreditation and re-accreditation activities as required by the NATO SAAs. Interfacing to the NSAB or applicable SAA, the security-related documentation. Assistance to the Security Accreditation Authorities, to review and provide technical assessment of the security-related documentation, required in the accreditation process for CIS introduced or managed by other than the NCI Agency. Development of security accreditation strategies. Serves as first Point of Contact for re-accreditation of in-service systems.

Provisioning of Threat Assessment is a component of this service which can be potentially offered separately. Threat Assessment comprises the identification and estimation of threats based on collected threat information.

Cyber Security Tool Selection

Development of guidance in the selection of specific CIS security tools. Support and advice on Information Assurance products evaluation and certification. This service may support the maintenance of the NATO Information Assurance Product Catalogue (NIAPC).