GSA, DOD seek data encryption under SmartBuy
Federal agencies could take advantage of volume discounts when they buy encryption software through the SmartBuy program.
The General Services Administration and the Defense Department issued a request for quotations last week for full-disk encryption or a file/folder encryption system under the government's SmartBuy enterprise software management program.The impetus behind the SmartBuy deal is an Office of Management and Budget memo issued June 2006 requiring agencies to encrypt all data on mobile devices. Many agencies have yet to meet that and other requirements stated in the memo. A governmentwide blanket purchase agreement would give chief information officers and chief information security officers an easy way to identify and buy such software at a volume discount, according to the RFQ.Released under GSA’s e-Buy program, the RFQ asks vendors on the GSA schedule to submit a price quotation for implementing, maintaining, integrating and training people to use encryption software for data at rest.“This BPA will further decrease costs, reduce paperwork and save time by eliminating the need for repetitive, individual purchases from the schedule contract," the RFQ states. It also states that GSA and OMB intend to issue regulations that make the BPA a mandatory source for federal agencies.Agencies could spend as much as $24 million under the BPA, according to the solicitation document.The RFQ lists 103 requirements, of which 40 are critical. The encryption software’s cryptographic module must be validated under Federal Information Processing Standard 140-2. In addition, the software must work with the public-key infrastructure components of DOD’s Common Access Card and the Personal Identity Verification card required by Homeland Security Presidential Directive 12.The software must be capable of automatically encrypting data that is transferred to removable storage media without user intervention or circumvention.GSA and DOD are also seeking software that can run on 12 operating systems or platforms, including four versions of Microsoft Windows, Unix, Mac OS X, Palm, Red Hat Linux and Novell’s SUSE Linux.
NEXT STORY: Agencies' cybersecurity grades rise slightly