USG Data at Rest Encryption/Protection



Similar documents
Endpoint & Media Encryption

Identity and Access Management Initiatives in the United States Government

Data at Rest Security in Navy/NMCI. Steven Gillis ONR Information Assurance Manager 10 January 2008

Product and Pricing Updates

ESC/HI VENDOR DAY. ESC/HIJ Enterprise Services Division. Mr. Timothy C. Nixon ESC/HIJ

How To Reduce Cost Of Ownership For Microsoft Products And Services

GENERAL SERVICES ADMINISTRATION (GSA) FEDERAL ACQUISITION SERVICE (FAS) Request for Quotations: GS10F15LPQ0022. Project ID: B15S47E0073

General Services Administration. Federal Supply Schedule Government-Wide Blanket Purchase Agreement for Identity Protection Services (IPS)

U.S. General Services Administration. Infrastructure as a Service (IaaS) Blanket Purchase Agreement (BPA) Fact Sheet

Blanket Purchase Agreement Attachment C Ordering Guide. DLT Solutions/Autodesk. Blanket Purchase Agreement (BPA): N A-ZF30

2009 NASCIO Recognition Awards Nomination. A. Title: Sensitive Data Protection with Endpoint Encryption. Category: Information Security and Privacy

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing

EnCase Forensic Product Overview

Forecast to Industry 2015 External Contracting Opportunities

NICE and Framework Overview

TOPIC 12 CONTRACT COST AND PRICE ANALYSIS

Briefing Outline. Overview of the CUI Program. CUI and IT Implementation

DoD ESI & The Joint Information Environment (JIE)

Federal Strategic Sourcing Initiative

STRATEGIC SOURCING. Opportunities Exist to Better Manage Information Technology Services Spending

Cloud Services The Path Forward. Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA

Just EnCase. Presented By Larry Russell CalCPA State Technology Committee May 18, 2012

DISA Acquisition Opportunities

Palantir Software Enterprise Software Agreement. Blanket Purchase Agreement (BPA) N A-ZF34. (Approved 5/21/15) (Approved

Disk Encryption. Aaron Howard IT Security Office

Department of Defense INSTRUCTION

Vendor Landscape: Endpoint Encryption

Cyber Security for Advanced Manufacturing Next Steps

EnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection

Commercial Software Licensing

U.S. General Services Administration. Federal Acquisition Service

Department of Defense INSTRUCTION. Security of Unclassified DoD Information on Non-DoD Information Systems

Benefits of the General Services Administration (GSA) Schedule. An introduction to the GSA Schedules Program and its process

Department of Defense INSTRUCTION

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here

Cloud Security for Federal Agencies

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration

Report via OMB s Integrated Data Collection (IDC), 10

Federal Cloud Computing Initiative Overview

UNCLASSIFIED/FOR OFFICIAL USE ONLY. Department of Homeland Security (DHS) Continuous Diagnostics & Mitigation (CDM) CDM Program Briefing

Department of Defense INSTRUCTION

MEMORANDUM FOR THE HEADS OF DEPARTMENTS AND AGENCIES

Department of Defense INSTRUCTION

EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D. C December 5, 2012

Actions and Recommendations (A/R) Summary

December 8, Security Authorization of Information Systems in Cloud Computing Environments

4. Objective. To provide guidelines for IS requirements and LCM support under NMCI.

Department of Defense INSTRUCTION

Overview. FedRAMP CONOPS

National Initiative for Cyber Security Education

CLOUD COMPUTING. Agencies Need to Incorporate Key Practices to Ensure Effective Performance

The Advantages of Using the GSA Schedule and Blanket Purchase Agreements

The Economic Benefit of Cloud Computing

I. U.S. Government Privacy Laws

Subject: Category Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing

How To Use Encase On A Computer Or A Hard Drive (For A Computer)

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Comprehensive Endpoint Security

Security Content Automation Protocol for Governance, Risk, Compliance, and Audit

Commercial Software Licensing

Seeing Though the Clouds

OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION

National Exercise Program (NEP) and the Homeland Security Exercise and Evaluation Program (HSEEP)

Developing a Mature Security Operations Center

Esri Managed Cloud Services and FedRAMP

TRADE AGREEMENTS ACT LIMITATIONS ON PROCUREMENT OF PHARMACEUTICALS AND POTENTIAL VA SOLUTIONS

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

Federal Identity, Credential, and Access Management Trust Framework Solutions. Overview

Independent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN

GENERAL SERVICES ADMINISTRATION FACILITIES MAINTENANCE AND MANAGEMENT (03 FAC) Markon, Inc.

GAO CONTRACTING STRATEGIES. Data and Oversight Problems Hamper Opportunities to Leverage Value of Interagency and Enterprisewide Contracts

POLICY ON THE USE OF COMMERCIAL SOLUTIONS TO PROTECT NATIONAL SECURITY SYSTEMS

Federal Strategic Sourcing Initiative (FSSI) Office Supply Third Generation Contract (OS3)

Information Technology Asset Management

( 4EC C11392)

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

U.S. DEPARTMENT OF THE INTERIOR OFFICE OF SURFACE MINING RECLAMAION AND ENFORCEMENT DIRECTIVES SYSTEM

PGP Whole Disk Encryption Implementation

Transcription:

USG Data at Rest Encryption/Protection Briefing g for the Symantec y Government Symposium Preventing Data Loss Panel Session 31 July 2008 UNCLASSIFIED 8/5/2008 UNCLASSIFIED//FOR OFFICIAL USE ONLY - ACQUISITION SENSITIVE Connecting People With Information1 1

USG DAR/PII Encryption Issues. Policy awareness, compliance, and technology per OMB policy directive M-06-16 and DoD policy memorandums on mobile computing devices and PII USG loss of laptops, removable storage media, sensitive data, and PII: Multiple government agency (Federal, State, Local) loss of laptops, PDAs, removable storage media DoD thumbdrives (Afghan bazaar) Biti British government tloss of fpii via various incidentsid Numerous commercial PII incidents Connecting People With Information 2

Data at Rest Tiger Team (DARTT) Background Created by DoD CIO and DoD C4 Principals in Aug 06, joined by GSA/Civil Agencies in Dec 06, chartered PM via DoD CIO Acquisition Memo Mar 07 Collaborative intergovernmental effort - 20 DoD Components, 18 Federal agencies, State/Local, NATO Assessed shortfalls in USG DAR encryption policies, practices, initiatives, and technology solutions; focusing on mobile computing devices and PII data Used an unprecedented, competitive, and rapid (Dec 06 - June 07) acquisition process (FAR Part 8) to establish DoD ESI/GSA SmartBUY acquisition vehicles resulting in 11 BPAs (open to all USG agencies). Innovative Tech Refresh/Upgrade process using GSA collaboration portal (https://collab.core.gov). Connecting People With Information 3

DARTT Status 11 BPAs awarded in June 07 with discounts up to 98% off GSA Schedule pricing Unprecedented leveraging of USG customer base Over 917,600 DAR encryption licenses sold to Federal, State, and Local govt agencies since award Represents $18M in sales with $82M in verifiable cost avoidance; or put another way, the USG has purchased $100M worth of DAR encryption products (at GSA Schedule pricing) for an actual cost of $18M Comprehensive DARTT information available to.gov and.mil accounts at GSA collaboration portal: https://collab.core.govcore More information: http://www.defenselink.mil/releases/release.aspx?releaseid=11025 http://www.defenselink.mil/releases/release.aspx?releaseid=11684 p http://www.defenselink.mil/releases/release.aspx?releaseid=12041 Connecting People With Information 4

DARTT the Good News. Synchronization of govt policy & technology acquisition Collaborative effort across Federal, State, Local agencies and NATO Public awareness campaign recent DoD/GSA joint press releases; CNSS Annual Report (Mar 08); and articles in FedTech, FCW, GCN, Military Information Technology, and Network World magazines Highly successful Technical Refreshment/Upgrade process (https://collab.core.gov) DARTT has approved 3 vendor BPA contract modification proposals, 1 more in-process. DARTT s on-going Advisory initiative; written and disseminated two DARTT Advisories for the ColdBoot and FireWire vulnerabilities for USG/public awareness. Connecting People With Information 5

DARTT Awards Several major awards for the DARTT program: DoD Excellence in Information Assurance Award (Feb 2008) 2008 Intergovernmental Government Solutions Award at the 28th Annual Management of Change Conference (June 2008) Executive Alliance nomination for Mid-Atlantic Project of the Year Award (June 2008) Connecting People With Information 6

DARTT Contacts: David Hollis Program Manager/Co-Chair David.Hollis@osd.mil 703-602-9982 Sharon Terango Co-chair Sharon.terango@gsa.gov 703-306-6104 Robby Ann Carter Technical Director Robby.Carter.ctr@osd.mil Single source for comprehensive DARTT information: https://collab.core.gov (GSA collaboration web site,.gov/.mil only) Vendor and BPA ordering information: http://www.gsa.gov/smartbuy / tb or http://www.esi.mil/main.asp. BPA Points of Contact for Federal and State/Local Agencies Sharon Terango - SmartBUY IA PM (703) 306-6104 Sharon.Terango@gsa.gov Michael Hargrove - SmartBUY Contracting Officer (703) 306-7701 Michael.Hargrove@gsa.gov BPA Points of Contact for DoD, IC, DHS, and NATO: Maurice Griffin - ESI IA Software Product Manager (334) 416-4229 Maurice.Griffin@gunter.af.mil 703-231-8630 Richard Ashley - ESI IA Contracting Officer (334) 416-4229 Richard.Ashley@gunter.af.mil Connecting People With Information 7

BACKUP SLIDES Connecting People With Information 8

DAR Data at Rest ACRONYMS DARTT Data at Rest Tiger Team PII Personally Identifiable Information ESI DoD Enterprise Software Initiative BPA Blanket Purchase Agreement RFQ Request for Quote FIPS Federal Information o Processing Standards ds FDE Full Disk Encryption FES File/Folder Encryption System RSM Removable Storage Media SME Subject Matter Expert USG United States Government 8/5/2008 Connecting People With Information9 9

Awardees 1 MTM Technologies / Mobile Armor Mobile Guardian FDE / FES Software 2 Rocky Mountain Ram Safeboot FDE / FES SW & HW 3 Carahsoft / Information Security Corp. Secret Agent FES Software 4 Spectrum Systems Safeboot FDE / FES Software 5 SafeNet ProtectDrive FDE Software 6 Hi Tech Service / Encryption Solutions SkyLOCK FES Software 7 Autonomic Resources / WinMagic & Spyrus WinMagic SecureDoc & Spyrus Talisman SD FDE / FES HW &SW 8 GovBUYS / WinMagic SecureDoc FDE / FES Software 9 Intelligent Decisions / Credant Technologies Mobile Guardian FES Software 10 Merlin Int l / Guardian a Edge Guardian a Edge FDE / FES Software Technologies 11 immixtechnology / Pointsec Mobile Technologies Pointsec FDE Software 12 GTSI Corp / Credant Technologies Mobile Guardian FES Software Connecting People With Information 10

DARTT BPA Advantages All awarded offers are FIPS 140-2 validated - vendor FIPS 140-2 Confirmation form on file in the GSA/SmartBUY Program Licenses are transferable within a federal agency and include secondary use rights Volume pricing i is based on tiers for 10,000, 000 33,000, and 100,000 users Competitive spot discounting is encouraged Five option years after award date: June 15, 2007 The BPAs were awarded through a full and open competition. The 103 technical requirements were provided by all federal agencies and were evaluated by an interagency USG team of information assurance/computer network defense SMEs. Connecting People With Information 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information