Cybersecurity
DISA Issues RFI to Expand Capabilities of Comply-to-Connect Program
The Defense Information Systems Agency is looking to gather industry feedback on software management platforms that would help expand the cybersecurity capabilities in its device security program.
As indicated in a request for information, the initial wave of capabilities for the Comply-to-Connect program deployed by DISA was limited to conducting “pathfinder activities.”
The C2C program was established to prevent unauthorized access to the DoD information network and to remove devices that fall short of the department’s strict cybersecurity standards, Nextgov reported.
The RFI covers certain capabilities that DISA wants to scale up the C2C program, including a single, converged platform capable of discovering, identifying, categorizing, classifying and profiling all devices connected to the DODIN. DISA specified that the platform must use “the widest variety of both passive and active network-based and host-based discovery methodologies” to filter all device access to the network.
In addition, the agency is interested in having the ability to “automatically remediate deviations from established required compliance baselines” on non-compliant devices without installing endpoint management applications.
DISA also wants industry feedback on how to segment networks to block non-compliant devices without relying on endpoint agents. The segmentation platform must also be able to segregate updated devices by type or function to limit access to only mission necessary network segments.
Continuous compliance monitoring capabilities are also on top of DISA’s wishlist.
Interested sources may ask questions regarding the RFI until June 25, with responses due June 26.
The C2C program debuted in November 2013 at Marine Corps Base Camp Lejeune in North Carolina and Tinker Air Force Base in Oklahoma. The program was envisioned then to help military branches manage 20,000 endpoints, including smartphones, laptops and desktops.
Category: Future Trends