DIU Needs Multifactor Authentication for Secure Vendor Communications

The Defense Innovation Unit is seeking sources for a cybersecurity tool that can help the agency safely collaborate with commercial vendors. 

On behalf of DIU, the Washington Headquarters Service is looking for a multifactor authentication tool that can verify user identities without the use of the Department of Defense’s standard ID, C4ISRNET reported.

DIU said it relies on cloud-based technologies commercial technologies that are not protected by the traditional two-factor authentication measures offered by DOD’s Common Access Card. 

The agency is now looking for an alternative solution that uses at least two forms of identification and authentication, according to a sources sought solicitation.

DIU expects to award a blanket purchase agreement worth between $6 million and $7.5 million with a five-year period of performance. 

Compared to other DOD components, DIU relies more heavily on cloud-based software-as-a-service platforms because of how closely they work with industry. DIU is no longer as reliant on the legacy infrastructure used by the rest of the department, C4ISRNET said. 

DIU recently announced that it will soon select which of Google, McAfee and Zscaler will serve as serve as the agency’s sole cloud technology provider.

The unit is currently evaluating prototypes from the three companies to develop secure cloud portals, which will be used to improve the Pentagon’s ability to collaborate with companies in real time, C4ISRNET reported. 

The effort is aimed at addressing the shortcomings of a DOD cloud access architecture that was not built to support the number of users it is expected to onboard.