Email this Article Email   

CHIPS Articles: ESI/SmartBUY Acquisition Strategies for Data at Rest Encryption

ESI/SmartBUY Acquisition Strategies for Data at Rest Encryption
By Sharon Anderson - October-December 2007
The Office of Management and Budget, Defense Department and General Services Administration awarded multiple contracts in June for blanket purchase agreements (BPA) to protect sensitive, unclassified data residing on government laptops, other mobile computing devices and removable storage media devices.

These competitively awarded BPAs provide three categories of software and hardware encryption products — full disk encryption (FDE), file encryption (FES) and integrated FDE/FES products. All products use cryptographic modules validated under FIPS 140-2 security requirements and have met stringent technical and interoperability requirements.

Licenses are transferable within a federal agency and include secondary use rights. All awarded BPA prices are as low as or lower than the prices each vendor has available on GSA schedules. The federal government anticipates significant savings through these BPAs.

The BPAs were awarded under both the DoD's Enterprise Software Initiative (ESI) and GSA's governmentwide SmartBUY (Software Managed and Acquired on the Right Terms) programs, making them available to all U.S. executive agencies, independent establishments, DoD components, NATO, state and local agencies, foreign military sales(FMS) with written authorization and contractors authorized to order in accordance with the FAR Part 51.

Service component chief information officers (CIO) are currently developing component service-specific enterprise strategies. Accordingly, customers should check with their CIO for component-specific policies and strategies before procuring a DAR solution.

The Department of the Navy (DON) strategy is to implement an enterprise solution set. To this end, the DON CIO is reviewing the encryption products on the ESI and SmartBUY list with the Navy, Marine Corps and the Navy Marine Corps Intranet (NMCI) team to determine which of these products are most suitable to meet the needs of warfighters and warfighting-support personnel.

The DON is narrowing down the list to a smaller solution set, so it can capitalize on the Department's buying power and ensure the best price. Choosing an enterprise solution will ensure that all DAR encryption purchases made departmentwide will be interoperable. Once the team has identified the solution set, the DON CIO will notify DON personnel and provide detailed information about the timeline for delivery. The goal is to begin implementing mandatory encryption of DAR on or about the third quarter of fiscal year (FY) 2008.

The Air Force DAR enterprise strategy, consisting of products awarded by this BPA, is being developed by the Air Force Communications Agency (AFCA) in conjunction with the Office of Warfighting Integration and Chief Information Officer (SAF/XCD) and Cryptologic Systems Group (CPSG) and is expected to Andersonbe released the end of the second quarter of FY 2008.

A centrally funded AF Enterprise License Agreement for DAR is being considered. An interim solution utilizing inherent Microsoft XP and Blackberry encryption capabilities has been developed and is undergoing validation at Air Force Network Operations (AFNETOPS) with an estimated completion date and release to field of Sept. 1, 2007.

The Department of the Army plans to conduct further competition among the DoD/ESI/GSA SmartBUY awardees to negotiate further reduced pricing (licensing and maintenance) and provide more favorable terms and conditions.

The Army anticipates releasing a DAR procurement policy in September 2007 that will identify the approved product(s) for use by Army activities and also provide ordering procedures. Until product(s) selection, the moratorium on procuring DAR encryption products as set forth in the October 2006 Vice Chief of Staff (VCSA) ALARCT message remains in effect.

The bottom line is that even though we are anxious to comply with the DoD Memo, Encyption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage of July 3, 2007, as of press time, DoD users are not authorized to purchase DAR software because service-specific guidance has not been issued.

DON users are not authorized to purchase a DAR solution until the DON CIO has issued an enterprise solution for purchasing DAR software in the third quarter of FY 2008.

DAR BPAs offered through ESI/SmartBUY
Publisher - Vendor:
Mobile Armor – MTM Technologies, Inc. (FA8771-07-A-0301)
Safeboot – Rocky Mountain Ram (FA8771-07-A-0302)
Information Security Corp - Carahsoft Technology Corp. (FA8771-07-A-0303)
Safeboot – Spectrum Systems (FA8771-07-A-0304)
SafeNet, Inc. – SafeNet, Inc. (FA8771-07-A-0305)
Encryption Solutions, Inc. – Hi Tech Services, Inc. (FA8771-07-A-0306)
Pointsec/Checkpoint – immix Technologies (FA8771-07-A-0307)
SPYRUS, Inc. – Autonomic Resources, LLC (FA8771-07-A-0308)
WinMagic, Inc. – Govbuys, Inc. (FA8771-07-A-0310)
CREDANT Technologies – Intelligent Decisions (FA8771-07-A-0311)
GuardianEdge Technologies – Merlin International (FA8771-07-A-0312)
Ordering Expires: 14 June 2012 (if extended by option exercise)
Web Link: http://www.esi.mil
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer