DIU seeks tech to support fast patching, inventory management

The Defense Department's innovation arm is looking for companies to help revamp its technology inventory management and accelerate vulnerability patching.

"The DOD's current systems for inventory management are custom-built and do not interface with best of breed market solutions, do not efficiently identify assets, and do not provide an integrated view of vulnerabilities and patch prioritization across the network or for each asset," the Defense Innovation Unit, formerly DIUx, wrote in its area of interest announcement Jan. 15.

DIU said the current method takes too much time to "assess, test, and deploy patches that fix newly identified vulnerabilities. This timeline must be shortened for success."

The ideal system will be already commercially available and able to comprehensively spot known and unknown vulnerabilities in DOD's network, including specific operating systems and linked mobile or internet-of-things devices and sensors.

"A more effective inventory management software solution with off-the-shelf capability will integrate into the existing network to reduce timelines for profiling assets on the network and prioritizing vulnerabilities to patch," DIU said.

Ultimately, the prototype should be able to handle a minimum of 500,000 active users and more than 1 million end points and scale to more than 3 million users and 11 million end points.

Submissions are being accepted through Jan. 24.

Since the new year, DIU has issued several solicitations, including for a tool that can supply and analyze open source cyber threat data and another for a predictive health solution that uses machine learning to develop diagnostic capabilities for medical imagery.