DISA issues RFI to obtain advice on zero-trust procurement
The Department of Defense’s IT agency wants industry feedback for a planned move to zero-trust architecture model on its networks.
In a request for information, first published May 27 but recently updated, Defense Information Systems Agency’s (DISA) seeks guidance on how to approach the purchase of software and other technology systems in a manner that enhances network security. DISA operates networks for other combat support agencies and is leading the DOD’s broader modernization push through its Thunderdome program.
“DISA plays a critical role in providing network and security services across the Department of Defense (DOD), and will architect and deploy zero trust concepts to enable secure, conditional and continuous access,” the RFI states.
Zero Trust was mentioned in a recent executive order signed by President Biden urging that all government agencies begin to migrate to the new security model.
Zero-trust architecture assumes that hackers have already breached a network, and check users’ credentials at multiple points. This replaces legacy system structures in which credentials were checked only at the edge of a network, such as an entry point where users log in.
DISA is looking to obtain secure access service edge (SASE) and software-defined wide area networks (SD WAN), which are both cloud-based systems that the agency says will improve security. Other tech that the agency has been working to develop is enterprise identity, credentialing and access management (ICAM), a key part of identifying users on a network.
In the RFI, DISA said it’s considering using an Other Transaction Agreement (OTA), a type of contract that navigates around the Federal Acquisition Regulations (FAR) and can make purchases happen on shorter development cycles. DISA wants the tech up and running six months with several minimum viable products has been made by the selected contractor, it said.