Brussels connection


NATO asks vendors of air-gapped end user devices for advice: what and how to buy


Air-gapped end user device management solution, comprised of the end user devices (Windows compatible)

Buyer: The NATO Communications and Information Agency (NCIA), Brussels

Description: The NATO Communications and Information Agency (NCIA) is conducting market research to identify qualified vendors and gather input on potential solutions to support the upcoming acquisition of an air-gapped end user device management solution, comprised of the end user devices (compatible with Windows client OS) and the necessary management component(s).

Submit responses no later than 12:00 hours CET on 19 March 2026.

Background

1. NCIA is looking for an air-gapped solution to provide remote management and administration of Windows based end user devices across two IT domains. The solution needs to support the complete lifecycle of the end user devices – provisioning, operation and decommissioning across both IT domains, providing only the entitled domain to the entitled end users. The end user devices need to support NATO-approved data at rest encryption or be compatible with NATO-approved encrypted hard drives. The solution needs to operate fully on-premise, in an air-gapped fashion and provide control over the peripherals attached to the end user equipment.

2. Additionally, NCIA is looking for a solution for presentation of PowerPoint slide decks in small conference/VTC rooms. The solution shall support user authentication against an identity provider (e.g. Active Directory) and avoid storing any data at any time.

3. Both solutions will be deployed in Europe.

Feedback and Recommendations

i. Responses to the following RFI Questions

1. The following questions refer to the end user device management solution.

a. Is your solution currently in use and accredited for processing classified information in any NATO Allied Nation? If yes – at what classification level?

b. What data-at-rest protections are used in the end user devices?

c. Does your solution support Viasat DARC-ssd 600 hard drives (https://www.ia.nato.int/niapc/Product/Viasat-DARC-ssd–600_831)?

d. What is the classification of the end user device when powered off and the data-at-rest protection is active?

e. What end user device types – laptops/desktops/tablets are supported by your solution?

f. Can the end user devices be used if the management component is offline/not available?

g. Are the end user devices supporting Windows client OS?

h. Do the end user devices support other client environments (e.g. Horizon client)?

i. Does your solution support zero-touch remote provisioning, i.e. the end user devices are provisioned from out of the box state to fully functional device completely remotely? If yes – describe briefly how.

j. Does your solution have multi-domain capabilities, i.e. supporting multiple isolated client environments?

k. What is your lead time to deliver the solution:

i. with 10 end user devices?

ii. with 100 end user devices?

iii. with 500 end user devices?

iv. with 1000 end user devices?

l. What are the rough initiation costs to implement the solution for each of the quantities provided above? Please make a distinction between hardware, software and services.

m. What are the annual recurring costs for your solution?

n. What is the licensing model for your solution – e.g. per device/per user?

o. Is any part of your solution subject to export control/authorisation for NATO use as part of the acquisition process?

p. Does your solution integrate with cyber security endpoint protection tools such as Splunk, Fidelis and Tenable?

q. Does your solution comply with strong authentication requirements (certificate based 802.1X)? If so, does it integrate with a centralized PKI solution or rely on its own PKI solution?

r. Does your solution provide BIOS hardening mechanisms to comply with NATO security hardening guidelines?

i. Or do you provide hardening guidelines for your product?

s. Does your product possess TEMPEST certification? If so, what is the available TEMPEST certificate level?

t. When purchased with TEMPEST certification, what is the impact on the delivery dates?

u. Do you provide tamper proof delivery of your hardware products to ensure supply security chain is not broken during delivery? If yes, please provide a high-level simple process description.

2. The following questions refer to the presentation solution.

a. Describe briefly how your solution works.

b. In what form factors and sizes is your solution available?

c. How do you handle different user authentication mechanisms?

d. How do you deal with storing and processing data on the device?

ii. Innovations or alternatives

iii. Rough Order Magnitude (ROM), including any assumptions upon which they are based
