The Office of Management and Budget, U.S. Department of Defense and U.S. General Services Administration awarded 12 contracts today for blanket purchase agreements (BPA) to protect sensitive, unclassified data residing on government laptops, other mobile computing devices and removable storage media devices. The BPA’s could result in contract values exceeding $79 million.
Awardees are MTM Technologies Inc.; Rocky Mountain Ram LLC; Carahsoft Technology Corp.; Spectrum Systems Inc.; SafeNet Inc.; Hi Tech Services Inc.; immixGroup Inc.; Autonomic Resources LLC; GTSI Corp.; GovBuys Inc.; Intelligent Decisions Inc. and Merlin International.
Products are Mobile Armor LLC’s “Data Armor”; Safeboot NV’s “Safeboot Device Encryption”; Information Security Corp.’s “Secret Agent”; SafeNet Inc.’s “SafeNet ProtectDrive”; Encryption Solutions Inc.’s “Skylock At-Rest”; Pointsec Mobile Technologies’ “Pointsec”; SPYRUS Inc.’s “Talisman/DS Data Security Suite”; WinMagic Inc.’s “SecureDoc”; CREDANT Technologies Inc.’s “CREDANTMobile Guardian” and GuardianEdge Technologies’ “GuardianEdge.”
The encryption of data-at-rest information is now possible through these BPAs, which were successfully competed using DoD’s Enterprise Software Initiative (ESI) and GSA’s government-wide SmartBUY (Software Managed and Acquired on the Right Terms) programs.
DoD ESI and the U.S. Air Force’s 754th Electronic Systems Group at Maxwell-Gunter Air Force Base, Ala., will provide acquisition and contract support for the awards and administer the contracts throughout their five-year contract lives. GSA’s SmartBUY program will provide all acquisition support for civilian agencies, including state and local governments.
Protecting data-at-rest has become increasingly critical in today’s Information Technology (IT) environment of highly mobile data and decreasing device size. Personal identity information or sensitive government information stored on devices such as laptops, thumb drives and PDAs is often unaccounted for and unprotected, and can pose a problem if these devices are compromised. In addition to saving taxpayer dollars, this enhances DAR information security and requires vendors to meet stringent technical and information assurance requirements.
Two months after OMB issued its memo, the DoD Data at Rest Tiger Team (DARTT) was developed to address technical requirements. The goal was to award multiple BPAs by mid-2007. Eventually, the DARTT evolved into an interagency team comprised of 20 DoD components, 18 federal agencies and NATO.
"This successful interagency team defined and agreed upon data-at-rest requirements, which enabled the government to establish these critically important BPAs." said David Wennergren, DoD's deputy chief information officer. "It is truly historic in that agencies from across all levels of the government came together to solve a problem and develop an acquisition solution to meet all federal, state and local government data-at-rest security requirements in an incredibly short time-frame.”
The DARTT conducted an extensive threat/risk analysis and market survey prior to submitting recommendations to the DoD military department chief information officers in October 2006. In November 2006, DARTT began the current acquisition process in conjunction with the DoD ESI. GSA SmartBUY and federal agencies joined the DARTT in December 2006 and NATO joined in January 2007, with state and local governments joining in March.
State and local governments are participating under GSA’s Cooperative Purchasing Program, which allows participating industry partners already on GSA’s Multiple Award Schedule 70 to sell their listed IT products and services to state and local governments. New security capabilities and discount pricing inherent in such a large acquisition will now be available across all levels of government.
Three categories of software and hardware encryption products are available under the BPAs - full disk encryption (FDE), file encryption (FES), and integrated FDE/FES products. All products use validated cryptographic modules and have met stringent security, technical and interoperability requirements.
Licenses are transferable within a federal agency and include secondary use rights. All awarded BPA prices are as low as or lower than prices each vendor has available on GSA schedules, with cost avoidance to the government estimated at up to $73 million over the life of the BPAs. Discounts of up to 85 percent are available for volume pricing based on tiers for 10,000; 33,000; and 100,000 users.
Additional information will be available on the ESI and GSA Web sites at www.esi.mil and www.gsa.gov/smartbuy .