DISA looking for novel approach to endpoint security
The Defense Systems Information Agency is looking for a way to improve the security on its nearly 4 million endpoints.
In a request for information posted on FedBizOpps earlier this week, DISA is asking for a new endpoint security solution that can cover its growing cyber environment, as well as scale to the size needed for the Defense Department.
DISA is encouraging respondents to be innovative, noting that the eventual contract winner will have to guard a range of endpoints — desktops, laptops, mobile devices, virtual endpoints, servers and infrastructure on both public and private clouds — over several different operating systems, including Windows, Linux, HP-UX, Oracle’s Solaris and IBM’s AIX.
The agency also wants the tools to support all sorts of environments, everything from small IT networks to networks on aircraft, ship and tactical command centers.
DISA wants companies to demonstrate where their products can counter attackers going through the cyber kill chain — a seven-step model that lists the stages of a cyber attack — and whether the product can protect against “advanced persistent threats.”
The agency says it is not necessarily looking for a holistic response to all of its requirements. It notes that a future acquisition will have commercial vendors partner for a solution that uses multiple products and allows for custom build-outs when DISA finds it necessary.
The request falls in line with DISA’s overarching plans to overhaul its technologic footprint. Last year, DISA CIO David Bennett highlighted numerous ways it would help DOD use cloud computing, including within its unified capabilities platform. DISA has also approved several mobile device management platforms within the past few months, aiming to manage around 40,000 unclassified devices by the end of the year.
Responses to the RFI are due by Feb. 2.