USG Data at Rest Encryption/Protection

Transcription

1 USG Data at Rest Encryption/Protection Briefing g for the Symantec y Government Symposium Preventing Data Loss Panel Session 31 July 2008 UNCLASSIFIED 8/5/2008 UNCLASSIFIED//FOR OFFICIAL USE ONLY - ACQUISITION SENSITIVE Connecting People With Information1 1

2 USG DAR/PII Encryption Issues. Policy awareness, compliance, and technology per OMB policy directive M and DoD policy memorandums on mobile computing devices and PII USG loss of laptops, removable storage media, sensitive data, and PII: Multiple government agency (Federal, State, Local) loss of laptops, PDAs, removable storage media DoD thumbdrives (Afghan bazaar) Biti British government tloss of fpii via various incidentsid Numerous commercial PII incidents Connecting People With Information 2

3 Data at Rest Tiger Team (DARTT) Background Created by DoD CIO and DoD C4 Principals in Aug 06, joined by GSA/Civil Agencies in Dec 06, chartered PM via DoD CIO Acquisition Memo Mar 07 Collaborative intergovernmental effort - 20 DoD Components, 18 Federal agencies, State/Local, NATO Assessed shortfalls in USG DAR encryption policies, practices, initiatives, and technology solutions; focusing on mobile computing devices and PII data Used an unprecedented, competitive, and rapid (Dec 06 - June 07) acquisition process (FAR Part 8) to establish DoD ESI/GSA SmartBUY acquisition vehicles resulting in 11 BPAs (open to all USG agencies). Innovative Tech Refresh/Upgrade process using GSA collaboration portal ( Connecting People With Information 3

4 DARTT Status 11 BPAs awarded in June 07 with discounts up to 98% off GSA Schedule pricing Unprecedented leveraging of USG customer base Over 917,600 DAR encryption licenses sold to Federal, State, and Local govt agencies since award Represents $18M in sales with $82M in verifiable cost avoidance; or put another way, the USG has purchased $100M worth of DAR encryption products (at GSA Schedule pricing) for an actual cost of $18M Comprehensive DARTT information available to.gov and.mil accounts at GSA collaboration portal: More information: p Connecting People With Information 4

5 DARTT the Good News. Synchronization of govt policy & technology acquisition Collaborative effort across Federal, State, Local agencies and NATO Public awareness campaign recent DoD/GSA joint press releases; CNSS Annual Report (Mar 08); and articles in FedTech, FCW, GCN, Military Information Technology, and Network World magazines Highly successful Technical Refreshment/Upgrade process ( DARTT has approved 3 vendor BPA contract modification proposals, 1 more in-process. DARTT s on-going Advisory initiative; written and disseminated two DARTT Advisories for the ColdBoot and FireWire vulnerabilities for USG/public awareness. Connecting People With Information 5

6 DARTT Awards Several major awards for the DARTT program: DoD Excellence in Information Assurance Award (Feb 2008) 2008 Intergovernmental Government Solutions Award at the 28th Annual Management of Change Conference (June 2008) Executive Alliance nomination for Mid-Atlantic Project of the Year Award (June 2008) Connecting People With Information 6

7 DARTT Contacts: David Hollis Program Manager/Co-Chair Sharon Terango Co-chair Robby Ann Carter Technical Director Single source for comprehensive DARTT information: (GSA collaboration web site,.gov/.mil only) Vendor and BPA ordering information: / tb or BPA Points of Contact for Federal and State/Local Agencies Sharon Terango - SmartBUY IA PM (703) [email protected] Michael Hargrove - SmartBUY Contracting Officer (703) [email protected] BPA Points of Contact for DoD, IC, DHS, and NATO: Maurice Griffin - ESI IA Software Product Manager (334) [email protected] Richard Ashley - ESI IA Contracting Officer (334) [email protected] Connecting People With Information 7

8 BACKUP SLIDES Connecting People With Information 8

9 DAR Data at Rest ACRONYMS DARTT Data at Rest Tiger Team PII Personally Identifiable Information ESI DoD Enterprise Software Initiative BPA Blanket Purchase Agreement RFQ Request for Quote FIPS Federal Information o Processing Standards ds FDE Full Disk Encryption FES File/Folder Encryption System RSM Removable Storage Media SME Subject Matter Expert USG United States Government 8/5/2008 Connecting People With Information9 9

10 Awardees 1 MTM Technologies / Mobile Armor Mobile Guardian FDE / FES Software 2 Rocky Mountain Ram Safeboot FDE / FES SW & HW 3 Carahsoft / Information Security Corp. Secret Agent FES Software 4 Spectrum Systems Safeboot FDE / FES Software 5 SafeNet ProtectDrive FDE Software 6 Hi Tech Service / Encryption Solutions SkyLOCK FES Software 7 Autonomic Resources / WinMagic & Spyrus WinMagic SecureDoc & Spyrus Talisman SD FDE / FES HW &SW 8 GovBUYS / WinMagic SecureDoc FDE / FES Software 9 Intelligent Decisions / Credant Technologies Mobile Guardian FES Software 10 Merlin Int l / Guardian a Edge Guardian a Edge FDE / FES Software Technologies 11 immixtechnology / Pointsec Mobile Technologies Pointsec FDE Software 12 GTSI Corp / Credant Technologies Mobile Guardian FES Software Connecting People With Information 10

11 DARTT BPA Advantages All awarded offers are FIPS validated - vendor FIPS Confirmation form on file in the GSA/SmartBUY Program Licenses are transferable within a federal agency and include secondary use rights Volume pricing i is based on tiers for 10,000, ,000, and 100,000 users Competitive spot discounting is encouraged Five option years after award date: June 15, 2007 The BPAs were awarded through a full and open competition. The 103 technical requirements were provided by all federal agencies and were evaluated by an interagency USG team of information assurance/computer network defense SMEs. Connecting People With Information 11