DOD wants to authenticate devices

The Defense Department wants to verify the identities of at least 25 million of its Internet-enabled devices, similar to how it authenticates human users, according to a request for information (RFI) the department has released.

Vendors have until Jan. 9, 2006 to respond to the request, which would create an enterprisewide device authentication program.

DOD’s Public Key Infrastructure (PKI) Program Management Office wants to develop, deploy and operate a PKI system for devices on DOD networks.

Devices that can use PKI certificates include laptop and desktop computers, routers, servers, firewalls, mobile phones (including voice-over-IP technology), cable and satellite modems, and portable media players, according to the RFI.

The PKI office is looking for solutions that allow trusted communication and use off-the-shelf products as much as possible, the RFI said.

Vendor responses must identify existing DOD resources for tracking PKI certificates and use existing permissions to pass through DOD firewalls.

Vendor suggestions must use digital signatures or equivalent means to authenticate users, the RFI stated. They must also meet Common Criteria security standards and comply with the Federal Information Processing Standard (FIPS) 140-2.

The Common Criteria are a set of internationally recognized standards of assurance for sharing classified information among government agencies. Meeting those standards is essential for companies that want federal contracts that include handling classified information. FIPS 140-2 sets minimum cryptography standards in federal security products.

The solutions must also use IPSec measures to protect classified information and be compatible with IPv6.

Finally, vendor suggestions should move DOD toward adopting Internet Engineering Task Force standards instead of proprietary DOD ones so the department can adapt to changing IPs and eventually use a wide variety of certificates, the RFI said.

Featured

  • CLOUD
    pentagon cloud

    Court orders temporary block on JEDI

    JEDI, the Defense Department’s multi-billion-dollar cloud procurement, is officially on hold, according to a federal court announcement Feb. 13.

  • Defense
    mock-up of the shore-based Aegis Combat Information Center

    Pentagon focuses on research, cyber in 2021 budget request

    The Defense Department wants to significantly increase funds for research, cyber, and cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.