2026-0094 Cyber Governance Support - Lessons Learned Scorecard (NS) - MON 6 Jul

Deadline Date: Monday 06 July 2026Requirement: Cyber Governance Support - Lessons Learned and Scorecard OversightLocation: Offsite in a NATO CountryNote: Please refer to your Subcontract Agreement, article 6.4.1.a, which states "Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at-home)". Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs.Period of Performance: 2026 BASE: 03 August 2026 (tentative) to 31 December 2026Required Security Clearance: NATO SECRETSpecial Terms and Conditions: Non-disclosure agreement must be signed1. OBJECTIVEThe objective of this engagement is to provide governance and coordination support for enterprise cybersecurity governance activities, specifically supporting the Cyber Lessons Learned (LL) and NATO Enterprise Cybersecurity Scorecard (Scorecard) processes.The contractor will assist CDT in coordinating stakeholders, supporting reporting activities and ensuring that cybersecurity governance processes are executed in a structured, consistent and traceable manner.The engagement focuses on supporting two main work packages:Cyber Lessons Learned coordination and process supportCybersecurity Scorecard oversightThe contractor will provide coordination and documentation support but will not perform operational cybersecurity activities or entity-level assessments.2. SCOPE OF WORKThe contractor shall provide governance support services across two distinct Work Packages (WP).2.1 Work Package I – Cyber Lessons Learned SupportThe contractor shall support the implementation and operationalization of the Cyber Lessons Learned process among relevant cybersecurity stakeholders, ensuring that lessons related to cybersecurity activities are systematically identified, captured, structured, coordinated and tracked.In support of this objective, the contractor shall assist CDT in coordinating stakeholders involved in the relevant enterprise cybersecurity processes and facilitating the capture and documentation of lessons learned.Activities within the scope include:Supporting the implementation and operationalization of the Cyber Lessons Learned process across relevant cybersecurity stakeholdersEngaging stakeholders involved in the relevant cybersecurity processesCoordinating the capture and structuring of lessons learned informationSupporting documentation of changes made to procedures or documentation resulting from lessons learnedSupporting the organization and documentation of Lessons Learned coordination meetings and workshopsSupporting the maintenance of templates, repositories or portals used to capture lessons learned informationThe contractor will act as a coordinator supporting stakeholders involved in the Lessons Learned process.2.2 Work Package II – Cybersecurity Scorecard Oversight SupportThe contractor shall provide coordination and oversight support related to the execution of the annual NATO Cybersecurity Scorecard Assessment (Scorecard) cycle, ensuring visibility of progress and alignment with Lessons Learned processes.Activities within the scope include:Supporting coordination of the Assessment Team (including contractors) performing Scorecard activitiesReviewing contractor outputs and providing quality assurance observations to CDTMaintaining oversight documentation such as tracking dashboards, issue logs and status summariesScorecard outputs may also be used as inputs to support the Cyber Lessons Learned process.3. DELIVERABLESDeliverables are structured under two WPs corresponding to the two workstreams of the assignments. All deliverables will be assessed according to the criteria described in General Acceptance Criteria. Where relevant, additional deliverable-specific criteria are defined below.3.1 Work Package I – Cyber Lessons Learned Coordination SupportThe contractor shall provide the following deliverables supporting the Cyber Lessons Learned process.3.1.1 Deliverable WP1-D1Deliverable Name: Lessons Learned Coordination PlanDescription: Documentation describing the approach for coordinating the Cyber Lessons Learned process among relevant cybersecurity stakeholders.Contents: Stakeholder engagement approach; Description of the Lessons Learned workflow; Coordination structure supporting the processFormat: Process documentation reportAcceptance Criteria: Stakeholder engagement approach documented and aligned with identified cybersecurity stakeholders; Lessons Learned workflow clearly defined from capture through closure; Roles, responsibilities and coordination structure documented; Process supports traceability of lessons through implementation; Document delivered by agreed milestone; Accepted by CDT Technical Lead without material reworkKPIs: KPI 1.1 – Timely Delivery: Coordination Plan delivered by agreed due date: 100%. KPI 1.2 – Completeness: Mandatory sections completed: 100%. KPI 1.3 – Acceptance Quality: Acc