DOD seeks commercial encryption software

The Defense Department is looking to protect all data at rest (DAR) on mobile computers and storage devices using commercial encryption software. DOD will soon award one or more enterprisewide software agreements under the DOD Enterprise Software Initiative (DOD-ESI) and the General Services Administration’s Federal SmartBUY program.

The department is calling on industry to submit software solutions to encrypt all DAR storage devices, including hard drives of laptop and desktop computers, tablet PCs, smart phones, personal digital assistants, and removable storage devices, according to a pre-solicitation notice.

DOD estimates the agreements will cover more than 1 million laptops and 1 million other mobile devices. DOD wants to award blanket purchase agreements with multiple vendors co-branded as DOD-ESI and SmartBuy agreements under Part 8 of the Federal Acquisition Regulation. Although the focus will be on products and maintenance, professional services will also be included in the contracts.

The Air Force is the executive agent for enterprise software initiatives dealing with information assurance. The 754th Electronics Systems Group, based at Maxwell Air Force Base, Ala., will develop the acquisition strategy and manage the DAR agreements.

Meanwhile, the Office of the Assistant Secretary of Defense for Networks and Information Integration/DOD Chief Information Officer is developing a departmentwide policy memorandum for DAR encryption that is in draft form.

The office’s DAR Tiger Team (DARTT) is working on that policy, which will institute a phased approach for DAR encryption of all mobile computing devices and removable media, and require all DOD computers to have a Trusted Platform Module chip certified by the National Information Assurance Partnership. The policy will also recommend stronger internal controls and management at DOD components.

DARTT released a request for quotes at an industry day Dec. 20, 2006. The purchase agreements, which have a duration of five years, should be awarded in March, according to documents that accompanied the RFQ.

In June, the Office of Management and Budget issued a memorandum requiring that all federal agencies take steps to ensure DAR encryption. Departments should encrypt all data on mobile computer and devices, use two-factor authentication and a time-out function for all remote computer access, and to log all extracts from databases holding sensitive information.

“In an effort to properly safeguard our information assets while using information technology, it is essential for all departments and agencies to know their baseline of activities,” the memo states.

In August 2006, Army CIO Lt. Gen. Steven Boutelle authorized all Army components to purchase encryption software from Credant Technologies for use on all laptops that travel. “Data at rest is data at risk,” he says.

Publicity stemming from several recent laptop losses and thefts at various federal agencies has pushed DOD to move to protect DAR, said Mark Zelinger, president of Zelinger Associates. By selecting a certain number of preapproved DAR software products, DOD can force special pricing, he added.


  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.