The choice of consumer-off-the-shelf mobile devices and software applications by DISA, on behalf of the Department of Defense, sends a signal to all highly regulated organizations with mobile information assurance and security concerns that the United States government has determined that it's willing to treat mobile devices as first-class citizens on its networks. It's an admission that the growing use of smartphones, tablets and other small devices -- which are outpacing traditional PCs -- must be taken into account, with the risks assessed and mitigated before the devices are eventually deployed. It also says the DOD is open to deploying commercially available mobile technology on a large scale.
Based on the publicly available request for proposal and DISA's performance work statement, it's evident the DISA MDM/MAS award reflected industry's input and consequently had multiple criteria, but central among them were the following information assurance criteria:
-- The use of FIPS 140-2 compliant cryptographic modules, which call for the highest available advanced encryption standards.
-- The use of DOD public key infrastructure (PKI) and hardware security module support. PKI provides for a digital certificate that can identify an individual or an organization and directory services that can store and revoke the certificates.
-- The use of an on-device integrity checker that substantiates applications, offers tamper resistance, verifies the device's integrity and prevents the rooting of devices.
In recent months, seemingly all official deployments of mobile technology across the DOD have come to a screeching halt as every branch of the military, facing sequestration and related budget cutbacks, waited to see which way DISA would go.
In the short term, the DISA award promises to change the U.S. federal mobile landscape in the most meaningful way since RIM's BlackBerry device was granted a waiver to send information outside the continental U.S. and became the de facto government furnished equipment device for all of the federal government. BlackBerry, as RIM calls itself now, has been leveraging this same interim authority to operate for years.
According to the request for proposal posting for this procurement, DISA requested four tranches of 25,000 units, for a total of 100,000 units, in the base year of the contract. Elsewhere in the performance work statement, it was noted that the solution should support a minimum of 162,500 devices, with the potential of 262,500 mobile devices by the end of the contract. An earlier version of the RFP posted on the GSA's Federal Business Opportunities site called for support for one million devices.
Given DISA's mission, to be the information provider to the Department of Defense, this award, in parallel with DISA's efforts to consolidate data centers across the DOD, effectively creates a one-stop shop for DOD personnel to purchase and operate mobile devices.
The DOD is looking long-term as well, even as it acknowledged that the market remains in flux. As noted in DISA's performance work statement (PWS): "Because the current market landscape is still maturing from a security and architecture perspective, the critical requirements provided for this MDM/MAS acquisition are short-term and are limited in scope to provide the government the flexibility to adjust with evolving solutions. The current PWS is shaped to reflect the capabilities currently available in the marketplace. The government desires to see innovative solutions that may bring value to the government during contract performance."
Unlike the uptake and subsequent standardization on BlackBerry for mostly personal information management and email-appliance functionality, the DISA award signals something much more important: the tacit admission that mobile devices are here to stay and that they must be treated as primary devices not only for email but, more importantly, for a variety of line-of-business and mission-critical uses.