Non-government players, and those who don't readily meet federal information processing standards (FIPS) or security technical implement guides, also took a hit here. DISA officials took great care in their selection process to cross their T's and dot their I's. One had to have the proper information assurance qualifications to even be considered.
This doomed many of the commercial commodity MDM players from the start. Knowing their weakness, many commercial MDM companies sought to bolster their solutions by partnering with the likes of Fixmo Inc., a company with an established record in the intelligence and defense communities. Fixmo is one of the few companies who offer both an AES 256/FIPS 140-2 secure container and advanced integrity and tamper protection on-device, which were key requirements in the DISA MDM/MAS request for proposal.
To DISA's great credit, the agency specifically said it was looking for "innovative solutions" to next-generation problems in a constantly changing marketplace. It is widely interpreted that "innovative" does not include NOC companies nor those lacking security qualifications. DISA even extended the deadline for RFP submission multiple times and broadcast responses to industry questions throughout the RFP submission process.
Despite the grumbling from some vendors, by almost all measures, DISA held an exceedingly thoughtful, fair and open competition. Given the massive scope of the award, its parameters and the uncertain future of the industry, DISA officials should be commended for their scrupulous investigation and willingness to think outside the box.
However, although the official protest window has come and gone with nary a cry from a single vendor or prime contractor, we are now seeing a curious absence of transparency about the program's implementation details. That's drawing unflattering questions about DISA's good judgment, given the importance of the DISA award.
It hasn't helped that the winner of the award, DMI, has been unusually reticent to talk about the component technologies that it chose and which represent the real stars of the DISA award. Even executives associated with the winning deal, who are respected as thought leaders in the mobile community, have been notably silent in discussing even the basic elements of the solution.
The DISA MDM/MAS award is a landmark decision for mobile transformation in government and industry. The hush surrounding its implementation serves to hamper progress elsewhere. It is strange that an innocuous and widely talked about award -- with widespread repercussions for worldwide mobile deployments -- would seemingly be under a press "gag order."
Even the National Security Agency publically publishes "mobility capability packages" on its website that specifically call out the necessary component technologies -- down to the precise cryptographic algorithms -- for government use. NSA even volunteers, "The approach that the NSA mobility program is taking closely aligns with the NSA Commercial Solutions for Classified strategy."
If the NSA can be that transparent for higher classification levels, why is DISA not similarly forthcoming about the real technology behind the DISA win?