DISA issues RFI for advice on zero trust buying
Written by Jackson Barnett
The Department of Defense IT agency is seeking feedback from industry for a planned shift to a zero trust architecture model on its networks.
In a request for information, first published on May 27 but recently updated, the Defense Information Systems Agency (DISA) asks for advice on how to approach the purchase of software and other technological systems from ‘a way that improves network security. DISA operates networks for other combat support agencies and is leading the broader DOD modernization effort through its Thunder Dome program.
“DISA plays a critical role in providing network and security services within the Department of Defense (DOD) and will design and deploy zero trust concepts to enable secure, conditional and continuous access. ” RFI precise.
Zero Trust was mentioned in a recent executive decree signed by President Biden urging all government agencies to start migrating to the new security model.
The Zero Trust Architecture assumes that hackers have already hacked into a network and verify user credentials in multiple places. This replaces legacy system structures in which credentials were only verified at the edge of a network, such as an entry point where users log on.
DISA is seeking secure access service edge (SASE) and software-defined wide area networks (SD WANs), both of which are cloud-based systems that the agency says will improve security. Another technology the agency has worked to develop is corporate identity, credentials and access management (ICAM), a key part of identifying users on a network.
In RFI, DISA said it was considering using an Alternate Transaction Agreement (OTA), a type of contract that bypasses federal procurement regulations (FAR) and can make purchases on shorter development cycles. . DISA wants the technology to be up and running for six months with a minimum of multiple viable products made by the selected contractor, he said.