DOD wants to authenticate devices

The Defense Department wants to verify the identities of at least 25 million of its Internet-enabled devices, similar to how it authenticates human users, according to a request for information (RFI) the department has released.

Vendors have until Jan. 9, 2006 to respond to the request, which would create an enterprisewide device authentication program.

DOD’s Public Key Infrastructure (PKI) Program Management Office wants to develop, deploy and operate a PKI system for devices on DOD networks.

Devices that can use PKI certificates include laptop and desktop computers, routers, servers, firewalls, mobile phones (including voice-over-IP technology), cable and satellite modems, and portable media players, according to the RFI.

The PKI office is looking for solutions that allow trusted communication and use off-the-shelf products as much as possible, the RFI said.

Vendor responses must identify existing DOD resources for tracking PKI certificates and use existing permissions to pass through DOD firewalls.

Vendor suggestions must use digital signatures or equivalent means to authenticate users, the RFI stated. They must also meet Common Criteria security standards and comply with the Federal Information Processing Standard (FIPS) 140-2.

The Common Criteria are a set of internationally recognized standards of assurance for sharing classified information among government agencies. Meeting those standards is essential for companies that want federal contracts that include handling classified information. FIPS 140-2 sets minimum cryptography standards in federal security products.

The solutions must also use IPSec measures to protect classified information and be compatible with IPv6.

Finally, vendor suggestions should move DOD toward adopting Internet Engineering Task Force standards instead of proprietary DOD ones so the department can adapt to changing IPs and eventually use a wide variety of certificates, the RFI said.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.