Data at Rest (DAR) Encryption Awardees Announced
GSA # 10359
June 14, 2007
Contact: Jon Anderson, (202) 501-1231
Washington, DC - The Office of Management and Budget, U.S. Department of Defense and U.S. General Services Administration awarded 10 contracts today for blanket purchase agreements (BPA) to protect sensitive, unclassified data residing on government laptops, other mobile computing devices and removable storage media devices. These BPAs could result in contract values exceeding $79 million.
Awardees are MTM Technologies Inc.; Rocky Mountain Ram LLC; Carahsoft Technology Corp.; Spectrum Systems Inc.; SafeNet Inc.; Hi Tech Services Inc.; Autonomic Resources LLC; GovBuys Inc.; Intelligent Decisions Inc. and Merlin International.
Products are Mobile Armor LLC’s Data Armor; Safeboot NV’s Safeboot Device Encryption; Information Security Corp.’s Secret Agent; SafeNet Inc.’s SafeNet ProtectDrive; Encryption Solutions Inc.’s SkyLOCK At-Rest; SPYRUS Inc.’s Talisman/DS Data Security Suite; WinMagic Inc.’s SecureDoc; CREDANT Technologies Inc.’s CREDANTMobile Guardian and GuardianEdge Technologies’ GuardianEdge.
The encryption of data-at-rest (DAR) information is now possible through these BPAs, which were successfully competed using DoD’s Enterprise Software Initiative (ESI) and GSA’s government-wide SmartBUY (Software Managed and Acquired on the Right Terms) programs.
DoD ESI and the U.S. Air Force’s 754th Electronic Systems Group at Maxwell-Gunter Air Force Base, Ala., will provide acquisition and contract support for the awards and administer the contracts throughout their five-year contract lives. GSA’s SmartBUY program will provide all acquisition support for civilian agencies, including state and local governments.
“Today’s SmartBUY announcement demonstrates that we remain vigilant in our efforts to strengthen security and improve our efforts to safeguard sensitive and personal information across the board,” said Karen Evans. “The government is accountable to America’s citizens for the privacy and protection of their sensitive information, while at the same time, improving services within the government. This agreement is critical to all levels of government—Federal, state, and local. The DoD-GSA team solved a major data encryption issue and allows our state and local governments to share in the solution while saving substantial taxpayer dollars at all levels. This is a milestone that will help build public trust as we continue to improve security within our Information Technology systems government-wide.” It was Evans’ OMB Memorandum 06-16, Protection of Sensitive Agency Information, in June 2006 that was a key impetus for federal action resulting in the agreements.
Protecting data-at-rest has become increasingly critical in today’s IT environment of highly mobile data and decreasing device size. Personal identity information or sensitive government information stored on devices such as laptops, thumb drives and PDAs is often unaccounted for and unprotected, and can pose a problem if these devices are compromised. In addition to saving taxpayer dollars, this enhances DAR information security and requires vendors to meet stringent technical and information
Two months after OMB issued its memo, the DoD Data-at-Rest Tiger Team (DARTT) was developed to address technical requirements. The goal was to award multiple BPAs by mid-2007. Eventually, the DARTT evolved into an interagency team comprised of 20 DoD components, 18 federal agencies and NATO.
"This highly successful interagency team defined and agreed upon data-at-rest requirements, which enabled the government to establish these critically important BPAs," said David Wennergren, DoD's deputy chief information officer. "It is truly historic in that agencies from across all levels of the government came together to solve a problem and develop an acquisition solution to meet all federal and local government DAR security requirements in an incredibly short time-frame.”
The DARTT conducted an extensive threat/risk analysis and market survey prior to submitting recommendations to DoD military department chief information officers in October 2006. In November 2006, DARTT began the current acquisition process in conjunction with the DoD ESI. GSA SmartBUY and federal agencies joined the DARTT in December 2006 and NATO joined in January 2007, with state and local governments joining in March 2007.
“These first-ever BPAs for data-at-rest encryption are also the first available for state and local government purchases,” said Jim Williams, GSA’s Federal Acquisition Service Commissioner. “The DOD-GSA team has leveraged the incredible buying power of the federal government to help state and local governments with their DAR solutions.”
State and local governments are participating under GSA’s Cooperative Purchasing Program, which allows them to purchase IT products and services from both GSA’s Multiple Award Schedule 70 and Consolidated Schedules that have IT special item numbers. Possible because Section 211 of the E-Government Act of 2002 amended the Federal Property and Administrative Services Act, cooperative purchasing is the means by which state and local governments have this first-time opportunity to join federal customers in purchasing encryption products fully compliant with FIPS 140-2. This federal standard defines national interoperability and security requirements for these governments electing to achieve this level for their networks.
"Protecting sensitive and private information, such as social security numbers and financial information, is an ongoing responsibility that New York State and its agencies are focused on each day," said Governor Eliot Spitzer. "By working with the federal government to protect this important information we have the ability to add another layer of protection, to New York's cyber security program, in an extremely cost-effective way."
Three categories of software and hardware encryption products are available under the BPAs - full disk encryption (FDE), file encryption (FES), and integrated FDE/FES products. All products use cryptographic modules validated under FIPS 140-2 security requirements, and have met stringent technical and interoperability requirements.
Licenses are transferable within a federal agency and include secondary use rights. All awarded BPA prices are as low as or lower than prices each vendor has available on GSA schedules, with cost avoidance to the government estimated at up to $73 million over the life of the BPAs. Additionally discounts on volume pricing range up to 85% for volume pricing, and volume pricing is based on tiers for 10,000, 33,000, and 100,000 users.
Founded in 1949, GSA serves as a centralized procurement and property management agency for the federal government. GSA manages more than one-fourth of the government’s total procurement dollars and influences the management of $500 billion in federal assets, including 8,600 government-owned or leased buildings and 205,000 vehicles. GSA helps preserve our past and define our future, as a steward of more than 420 historic properties, and as manager of USA.gov, the official portal to federal government information and services. GSA’s mission to provide superior workplaces, expert technology solutions, acquisition services, purchasing and e-travel solutions and management policies, at best value, allows federal agencies to focus on their core missions.
Did You Know? FAS annual business volume of $46 billion accounts for more than one-seventh of the entire federal procurement budget. FAS manages acquisition programs that include information technology, telecommunications, furniture, tools, office products and supply items, and all travel, motor vehicles and credit card services.