# 2026-0044 Secure Protocols Designer ADatP-36 STANAG 5659 (NS) - THU 18 Jun > EMW, Inc. · Netherlands (Remote) · Contract · Posted 2026-06-05 **Workplace:** remote **Department:** AAS ## Description **Deadline Date:** Thursday 18 June 2026 **Requirement:** Design and validate the ADatP-36 and STANAG 5659 security & / DSIG improvements **Location:** Offsite but collaborating with team members from NCIA, The Hague, The Netherlands with travel to various locations throughout NATO **Period of Performance:** 1 July 2026 to 31 December 2026 **Required Security Clearance:** NATO SECRET **1\. OVERALL SCOPE** The NATO Information and Communication Agency (NCIA) is engaged in the development, implementation, and testing of secure protocols that form part of the Command and Control (C2) information exchange specifications for NATO. In support of these activities, the Command and Control Centre requires the provision of an experienced Secure Protocols Designer/Implementer (hereafter referred to as the "Contractor") to deliver defined technical outputs and associated documentation in accordance with the agreed scope, quality standards, and timelines. Specifically, the Contractor shall be integrated within the project teams responsible for the design, documentation, development, and testing of security-enabled communication protocols and their associated software implementations. Under the overall supervision of the Project Manager (PM) and the technical direction of the Project's Technical Leader, the Contractor shall contribute to the development, refinement, and maintenance of security profiles for designated NATO standards. The Contractor shall also support the planning, preparation, execution, and assessment of validation and interoperability events. The Contractor's responsibilities shall include, but not be limited to: editing, reviewing, and contributing to relevant sections of selected NATO standards related to secure communication implementation; preparing executable technical artefacts and validating the associated security profiles; supporting experimentation, integration, and validation activities; participating in technical and coordination meetings as required by the PM and Technical Leader; maintaining and updating the development backlog, including progress reporting, comments, risk identification, and issue tracking; producing agreed technical deliverables in accordance with defined acceptance criteria, quality standards, and timelines; ensuring structured knowledge transfer to NCIA personnel and designated stakeholders throughout the contract execution, including preparation of technical documentation, architectural explanations, code walkthroughs, and operational guidance; supporting formal knowledge handover sessions prior to contract completion to ensure continuity, maintainability, and long-term sustainability of the delivered solutions. All source code, scripts, configuration items, and documentation produced under this contract shall be stored and maintained under configuration management within the NATO Software Factory environment. Coordination and development activities shall be performed remotely through secure access to NCIA systems using the unclassified development laptop provided by NCIA. The Contractor shall operate as part of a multidisciplinary development team following the SCRUM methodology. The scope, content, and acceptance criteria of each deliverable shall be defined by the Technical Leader and formally approved by the Project Manager. Completion and acceptance of deliverables shall include verification that adequate documentation and knowledge transfer activities have been performed. **2\. DELIVERABLES** This contract is deliverable-based. Payment shall be linked exclusively to the satisfactory completion and formal acceptance of defined deliverables or percentage of them in accordance with agreed scope, quality standards, timelines, and acceptance criteria. **2.1 Delivery and Acceptance Process** For each deliverable, the Contractor shall submit a completed Delivery Acceptance Sheet (DAS) to the Purchaser using the template provided in Annex B. Each DAS shall: clearly reference the associated deliverable identifier; describe the content delivered; confirm compliance with agreed acceptance criteria and KPIs; reference supporting artefacts (code repository location, documentation, test results, validation evidence); declare completion of associated knowledge transfer activities where applicable. The Purchaser shall review the deliverable within the agreed review period and formally confirm acceptance by signing the Delivery Acceptance Sheet. Where deficiencies are identified (based on acceptance criteria and KPI), the Purchaser shall provide consolidated feedback. The Contractor shall address the comments and resubmit the deliverable for acceptance. No delivery shall be considered complete until formally accepted in writing by the Purchaser. **2.2 Kick-Off and Planning** The Contractor shall participate in a kick-off meeting within one (1) working week following contract signature. The meeting may be conducted virtually via electronic conference capabilities. During the kick-off meeting: the Contractor shall be assigned to one or more C2C projects; the scope, priorities, dependencies, and initial backlog shall be reviewed. The Contractor shall present a preliminary execution plan outlining: proposed approach; deliverable breakdown; milestones; assumptions and dependencies; identified risks and mitigation proposals. The execution plan shall be reviewed and, where necessary, amended in agreement with the Purchaser. The agreed plan shall serve as the baseline for performance monitoring. The Contractor shall issue meeting minutes via email within two (2) working days, capturing at minimum: key decisions; assigned actions; updated risks; agreed next steps. **2.3 Status Reporting and Governance** The Contractor shall participate in regular status meetings, either in person (where feasible) or via electronic conference means. The frequency of such meetings shall be defined during the kick-off meeting. The Contractor shall: initiate the recurring meetings; provide structured status updates covering progress against deliverables; report on risks, issues, and mitigation actions; update the development backlog and planning artefacts; highlight deviations from scope, schedule, or quality baselines. Minutes shall be distributed within two (2) working days and shall include decisions taken and action items with assigned responsibilities and due dates. Performance shall be measured against agreed deliverables and milestones, not against level of effort. **2.4 Technical Deliverables** The Contractor shall support and contribute to: the development and refinement of security profiles for communication standards; the design and implementation of concept demonstrators; the preparation and execution of on-site and off-site validation activities, including interoperability exercises; the production of associated documentation, test evidence, configuration artefacts, and validation reports. All deliverables shall: be traceable to defined requirements; include appropriate technical documentation; be stored under configuration management within the NATO Software Factory; include evidence of validation and testing; incorporate structured knowledge transfer to ensure sustainability and continuity. **2.5 Intellectual Property, Configuration, and Continuity** All code, scripts, documentation, configurations, and artefacts developed under this contract shall be: stored within the designated NATO configuration management environment; fully documented to enable maintainability; delivered with sufficient technical detail to allow independent continuation by NCIA personnel. Completion of deliverables shall include verification that documentation, repository updates, and knowledge transfer obligations have been fulfilled. **3\. DELIVERABLES — DETAIL** All of the defined deliverables can be addressed as briefings, reports, designs (proof of concept demonstrators) or specifications using a well-defined NCIA-specified format, or where required Jira. All deliverables are to be peer reviewed within the deliverable cycle. Input and guidance will be provided by NCIA in written form and/or during the targeted review meetings. The deliverables described above will be provided, within the quarter of performance, in an incremental manner. The sections below provide, for each deliverable, a quarterly breakdown of the key material and immaterial components planned for execution in 2026, along with the related acceptance criteria and Key Performance Indicators (KPIs). **3.1 D01 — Define and document the security posture for the Future FFT (ADatP-36(C)) standard** **Project:** 16-21613 – FFT 2026 **Schedule:** Q3: 50% / Q4: 50% Note: This deliverable requires one TDY of 5 working days to NCIA in The Hague. **Q3** **Task 1:** Drafted proposal of security profile appendix for the near-real time protocol of the Future FFT standard (ADatP-36) indicating the architectural and the operational aspects together with the process and procedure for the services configuration and validation. **Acceptance Criteria:** A draft security profile appendix is delivered for the agreed scope; architectural, operational, configuration, and validation aspects are addressed; the draft is aligned with NATO DCS principles; and the document is reviewed and accepted by NCIA SMEs. **KPI:** Draft delivered within Q3; 100% of agreed topic areas covered; alignment with NATO DCS principles demonstrated; 0 major documentation gaps identified at acceptance. **Task 2:** Analysed and reported the level of compliance of the standards with the NATO Data Centric Security (DCS) requirements. **Acceptance Criteria:** A compliance analysis is completed for the agreed standards scope; the report identifies the level of compliance, gaps, and observations against NATO DCS requirements; and the report is reviewed and accepted by NCIA SMEs. **KPI:** Compliance report delivered within Q3; 100% of agreed standards scope assessed; all major compliance gaps identified and documented; 0 major review comments open at acceptance. **Q4** **Task 3:** Plan, execute and document validation tests event for the ADatP-36 security together with NATO nations that have been identified during the CWIX2026 event. **Acceptance Criteria:** Test plan, agreed with the staff, shall be documented and executed. 100% of the findings shall be documented. **KPI:** 100% of the discovered findings shall be documented within Q4; findings shall be documented in the test report together with the possible mitigation. **Task 4:** Amended the security profile appendix for the FFT standard (ADatP-36(C)) accommodating any problem identified during the validation event. **Acceptance Criteria:** The appendix is updated to address the problems identified during the validation events; the amendments are documented and aligned with NATO DCS policies and validation findings; and the updated appendix is reviewed and accepted by NCIA SMEs. **KPI:** Updated appendix delivered within Q4; 100% of findings addressed or dispositioned; 0 critical unresolved issues remaining in the agreed scope at acceptance. **Task 5:** Performed related activity within this scope as deemed appropriate and required to establish the deliverable. **Acceptance Criteria:** Supporting activities necessary to complete the agreed deliverables are performed and documented; outputs are relevant to the agreed scope and contribute directly to delivery completion; and the work is reviewed and accepted by NCIA SMEs. **KPI:** 100% of agreed supporting activities completed; supporting outputs delivered on time; no critical dependency left unaddressed within the agreed scope. **3.2 D02 — Refine and update the security posture for the STANAG 5659** **Project:** 16-21600 – ACT IOS 2026 **Schedule:** Q3: 40% / Q4: 60% Note: This deliverable requires one TDY of 5 working days to NCIA in The Hague. **Q3** **Task 1:** Reviewed the security profile appendix for the STANAG 5659 identifying issues and fragilities and providing solutions in line with the NATO Data Centric Security (DCS) policies. **Acceptance Criteria:** The review is completed for the agreed STANAG 5659 security profile scope; identified issues, fragilities, and recommended solutions are documented; recommendations are aligned with applicable NATO DCS policies; and the output is reviewed and accepted by NCIA SMEs. **KPI:** Review delivered within Q3; 100% of agreed sections assessed; all identified issues documented with proposed remediation; 0 major review comments open at acceptance. **Task 2:** Analysed and produced report of the level of compliance of the standards with the NATO Data Centric Security (DCS) requirements. **Acceptance Criteria:** A compliance analysis is completed for the agreed STANAG 5659 scope; the report identifies the level of compliance, gaps, and observations against NATO DCS requirements; and the report is reviewed and accepted by NCIA SMEs. **KPI:** Compliance report delivered within Q3; 100% of agreed scope assessed; all major compliance gaps identified and documented; 0 major review comments open at acceptance. **Task 3:** Amended the security profile appendix of the STANAG 5659 accommodating any problem identified during the internally agreed validation event. **Acceptance Criteria:** The appendix is updated to address the agreed problems identified during internally agreed validation event; the amendments are documented and aligned with NATO DCS policies and validation findings; and the updated appendix is reviewed and accepted by NCIA SMEs. **KPI:** Updated appendix delivered within Q4; 100% of agreed findings from validation event addressed or dispositioned; 0 critical unresolved issues remaining in the agreed scope at acceptance. **Q4** **Task 4:** Performed related activity within this scope as deemed appropriate and required to establish the deliverable. **Acceptance Criteria:** Supporting activities necessary to complete the agreed deliverables are performed and documented; outputs are relevant to the agreed scope and contribute directly to delivery completion; and the work is reviewed and accepted by NCIA SMEs. **KPI:** 100% of agreed supporting activities completed; supporting outputs delivered on time; no critical dependency left unaddressed within the agreed scope. **Task 5:** Produced final analysis and report of the level of compliance of the STANAG 5659 with the NATO Data Centric Security (DCS) requirements. **Acceptance Criteria:** A final compliance analysis and report are delivered covering the agreed STANAG 5659 scope; the report reflects Q3 and Q4 findings, updates, and validation outcomes; compliance status, gaps, and recommendations are clearly documented; and the report is reviewed and accepted by NCIA SMEs. **KPI:** Final report delivered within Q4; 100% of agreed scope assessed; all major compliance findings consolidated; 0 major review comments open at acceptance. **3.3 D03 — Develop a concept demonstrator and patch current DISG services to validate the NCDF security posture** **Project:** 60-21270 – DISG O&M **Schedule:** Q3: 70% / Q4: 30% **Q3** **Task 1:** Updated the services composing the DISG in line with the security profile defined for the ADatP-36 and STANAG 5659. **Acceptance Criteria:** The relevant DISG services are updated for the agreed scope in accordance with the applicable security profile requirements of ADatP-36 and STANAG 5659; the implemented changes are documented; functionality remains operational; and the updated services are reviewed and accepted by NCIA SMEs. **KPI:** 100% of agreed DISG service updates completed within Q3; alignment with agreed security profile requirements demonstrated; 0 critical defects open at acceptance; implementation changes documented and reviewed. **Task 2:** Designed, documented and deployed the infrastructure needed to test the DISG functionalities in conjunction with the STANAG 5659 and the ADatP-36 standards on NATO NSF network. **Acceptance Criteria:** The required test infrastructure is designed, documented, and deployed in the NATO NSF network for the agreed DISG, STANAG 5659, and ADatP-36 scope; the environment supports execution of the agreed functional and security-related tests; configuration and deployment steps are documented; and the setup is reviewed and accepted by NCIA SMEs. **KPI:** Infrastructure deployed within Q3; 100% of agreed NSF environment components implemented; deployment documentation delivered; environment ready for agreed test execution; 0 critical deployment issues open at acceptance. **Task 3:** Planned and executed DISG test risk reduction event (on site at NCIA or from remote). **Acceptance Criteria:** The DISG test risk reduction event is planned and executed for the agreed scope; objectives, scenarios, and required participants are defined; the event is conducted on site or remotely as appropriate; findings, risks, and observations are captured; and the activity is reviewed and accepted by NCIA SMEs. **KPI:** Event completed within Q3; 100% of agreed test scenarios executed or assessed; findings and risks documented; agreed follow-up actions recorded and shared. **3.4 D04 — Maintain and update the FFT simulation tool** **Project:** 16-21613 – FFT 2026 **Schedule:** Q3: 50% / Q4: 50% **Q3** **Task 1:** FFT simulator service maintenance (apply the changes and resolve the issues described in JIRA). This includes extending the functionalities in compliance with the updated FFT ADatP-36(B) and ADatP-36(C) (issues and improvements as described in JIRA). **Acceptance Criteria:** The agreed changes and fixes recorded in JIRA are implemented for the FFT simulator service; the simulator functionality is updated in line with the applicable ADatP-36(B) and ADatP-36(C) scope; implemented changes are documented; and the updated simulator is reviewed and accepted by NCIA SMEs. **KPI:** 100% of agreed JIRA issues and improvements addressed or formally dispositioned within Q3; updated functionality implemented for the agreed scope; 0 critical defects open at acceptance; implementation changes documented and reviewed. **Task 2:** Validation and test of the FFT simulator at an internal agreed validation event. **Acceptance Criteria:** The FFT simulator is validated and tested for the agreed scope; planned test activities are executed; results, issues, and observations are captured; and the testing outcome is reviewed and accepted by NCIA SMEs. **KPI:** 100% of agreed FFT simulator test activities executed; all major results and observations documented; 0 critical test results left unrecorded; test participation completed within Q3. **Q4** **Task 3:** Creation of the related change request and issue list in JIRA. **Acceptance Criteria:** The relevant change requests and issue list are created in JIRA based on the agreed findings, updates, and validation outcomes; entries are clear, traceable, and actionable; and the JIRA records are reviewed and accepted by NCIA SMEs. **KPI:** 100% of agreed change requests and issues recorded in JIRA within Q4; entries include sufficient detail for follow-up; 0 major findings left unrecorded. **4\. COSTS** The Cost Table below provides a breakdown of the contractual value allocated to each deliverable and specifies the corresponding project against which the cost shall be charged. For each deliverable, the table identifies the agreed fixed amount payable upon formal acceptance through the signed Delivery Acceptance Sheet (DAS). This structure ensures financial traceability, budget transparency, and alignment between deliverables, funding sources, and project accountability. The acceptance of the DAS will ensure that acceptance criteria against the KPIs have been attained. **5\. SCHEDULE** The Schedule of Deliverables below defines the planned timeline and sequencing of all contractual outputs. For each deliverable, the expected percentage of completion per quarter is indicated, providing visibility on progressive maturity, interim milestones, and staged performance measurement. These quarterly completion percentages serve as planning and monitoring references and do not replace the formal acceptance process, which remains subject to the submission and approval of the corresponding Delivery Acceptance Sheet (DAS). **D01:** Q3: 50% / Q4: 50% **D02:** Q3: 40% / Q4: 60% **D03:** Q3: 70% / Q4: 30% **D04:** Q3: 50% / Q4: 50% **6\. DELIVERABLE AND PAYMENT MILESTONES** This requirement is for the delivery of the Deliverable Products, associated with the mandatory projects and activities identified in Section 2 above, which will be determined and agreed at the kick-off meeting. The Contractor will provide a consolidated quarterly report, in the form of a completed Delivery Acceptance Sheet (DAS), annotating with precision the deliverables produced for the projects and activities supported. Payment will be issued for each deliverable in line with the percentages specified in Section 5 of this document, following the presentation and signing of the DAS. **7\. PERIOD OF PERFORMANCE** The services are to be provided from 1 July 2026 through 31 December 2026. **8\. SECURITY CLEARANCE** Contractor personnel delivering services on this contract require a valid NATO SECRET security clearance as from the start date of the contract. The expected classification level of the deliverables is NATO UNCLASSIFIED. However, in some particular circumstances it might be decided that a part of the deliverables will be classified as NATO RESTRICTED. The delivery of services requires the Contractor to access classified information up to NATO SECRET. **9\. TERMS** The execution of this contract will be coordinated by the NCIA C2C PMs leading the required deliverables. The level of the required services and its specifics are volatile and hardly predictable up front; however based on track records and historic data, it is estimated that for the execution of the deliverables that at least a team of 1 (one) full time contractor would be required for all the periods. Services on the contract will be delivered: at contractor premise; where requested, on-site at office and lab space at NCIA in The Hague; during TDY at remote location. This Task Order may require scheduled travel. Travel costs are included in the current offer and cannot be billed separately to the purchaser. A NCIA computer will be provided by NCIA-NL for the duration of this contract. NATO will retain the intellectual property rights for all products developed in relation to this project. **10\. SPECIFIC EXPERTISE REQUIREMENTS** \[See Requirements\] ![](https://workablehr.s3.amazonaws.com/uploads/photos/92373/e321aaa9b1d0fc7d4e7179fe76a4405d.png) ## Requirements **8\. SECURITY CLEARANCE** - Contractor personnel delivering services on this contract require a valid NATO SECRET security clearance as from the start date of the contract. **10\. SPECIFIC EXPERTISE REQUIREMENTS** **Essential** - At least 1 year of proven experience in the redaction of NATO standards. - At least 1 year of proven experience in the design and test of secure message exchange protocols. - At least 1 year of proven knowledge of, and practical experience in, the operational or technical use of FFT systems supported by NCIA. - At least 1 year of proven experience with the NATO Data-centric Security concept application. - At least 1 year of practical experience in the area of computer networks and messaging security, including DNS, domains, PKI certificates, network designs, OAuth, OpenID. - At least 1 year of practical experience in modern test engineering and test management methods and paradigms. - At least 1 year of proven up-to-date knowledge of computer system architectures, systems security, client/server, LAN/WAN and network concepts, test techniques, Database Management Systems (DBMS) and data management concepts. - At least 1 year of proven recent experience in planning and execution of validation activities within large-scale C2 exercises. - At least 2 years of programming experience in JAVA, JavaScript, Angular, Python. - At least 1 year of proven recent experience with XML and JSON technologies. - Staff provided by the Contractor must have the nationality of one of the NATO nations. - Staff provided by the Contractor must have an excellent command of spoken and written English. **Required** - Experience working in the NATO Software Factory (NSF). - Experience working with STANAGS 4774 and 4778. - Knowledge of NATO FFT, COT, JDSS, NCDF and other military or civilian interoperability standards for messaging and data exchange related to FFT. **Desirable** - Bachelor's degree in Computer Science, Information Technology or a closely related engineering field. - Experience supporting a recent NATO Interoperability exercise. - Experience interpreting and/or capturing business and user requirements through use cases and developing test cases accordingly. ## Apply [Apply at EMW, Inc.](https://apply.workable.com/emw/j/6AD0DC48F5/apply) --- Powered by [Workable](https://www.workable.com)