The Pentagon wants to prevent personnel data tracking, breaches
The Defense Department's innovation shop is looking for commercial solutions that can help better protect personnel data.
The Defense Department wants more privacy protections for its personnel and military service members as it increases its use of digital services, so it's on the hunt for security solutions that prevent data tracking and privacy breaches.
To do this, the Defense Innovation Unit is looking for three commercial solutions, including technical, analytical, and training, that address "digital fingerprint security gaps" that are either on-premises or software-as-a-service, according to a new solicitation.
The Pentagon's innovation arm wrote that "current practices and digital services continue to proliferate data that may be aggregated to identify and track DOD personnel" and they are "vulnerable through higher risk of information spillage and privacy breaches" without the right tools to manage and protect digital information.
Such solutions must be able to customize commercial technologies used for managing personnel data throughout a career and handle secure but unclassified communications. Tech solutions and portals, which will be a provide personnel with information tools and be integrated with screening algorithms, should also be on cloud-based platforms (with end-to-end encryption and compatibility with DOD's common access card) that can protect applicants' and employers' identities "as well as the obfuscation of data throughout" the hiring process, the notice states.
Training solutions should be able to provide instruction related to human intelligence, ubiquitous technical surveillance, and counterintelligence to better train personnel on how to best protect personal and organizational information. Analytical solutions should focus on continuous risk management of an organization's digital signature and "be capable of analyzing organizational and individual processes" by using industry standards and best practices to rescue data vulnerabilities, DIU wrote.
The solicitation comes amid a departmental shift to implement zero trust security standards and architecture and the accompanying identity and access management solutions needed to achieve it. Responses are due May 16.
The notice comes as DIU’s director Mike Brown announced his intent to resign in September when his term ends. Brown was previously nominated last year to lead the Pentagon’s acquisitions before withdrawing from consideration.