recommended reading

DEA Anticipates Awarding Contract for Sensitive Justice Cloud

Maksim Kabakou/

The agency tasked with fighting narcotics trafficking expects to need online access to a commercial data center to store a growing amount of sensitive mapping data -- and to save money, according to a contract plan. 

The Drug Enforcement Administration on Monday issued a notice stating it is surveying the cloud market to see who can help transfer moderately sensitive geographic data from a DEA facility to the cloud.

"It is anticipated that a contractor may be required for an effort to onboard new and existing applications” to a Federal Risk and Authorization Management Program-accredited "government community cloud," DEA officials stated, referring to a new cyber certification program any federal cloud product must successfully pass. A community cloud is an information technology setup where several agencies jointly subscribe to and share one set of computing resources. 

DEA uses location data to pinpoint crime hot spots and track suspects, among other things. 

The potential contractor must also "develop technical design and reference architecture that can be leveraged by any government agency – federal, state, or local" and "support the unique security requirements to protect the data," officials stated.

Any proposed product should "improve scalability; add on-demand capacity; provide disaster recovery options; and other cloud characteristics to improve the efficiency and reduce IT cost,” they added.

DEA and the Bureau of Alcohol, Tobacco, Firearms and Explosives are developing an interagency geospatial information service to shave the price of enabling secure access to a commercial GIS application, according to a fiscal 2014 budget justification sent to Congress. 

The envisioned cloud service would host mapping tools and provide backup should the agency’s main in-house data center crash. DEA already manages mapping applications for multiple Justice agencies at its own facility, the Sterling Park Technology Center. One such tool is eGIS, which provides employees with access to Google Earth Enterprise and ESRI ArcGIS services.

The Internet-based "secondary site" must offer "geospatial mapping services and failover capability (from on-premises primary site to secondary site in the cloud)," according to the plan. 

The type of cloud capability desired is so-called infrastructure-as-a-service, which includes remote machines, storage and backup. Platform-as-a-service, or the ability to create and host software applications, is an optional requirement. 

The cloud must be supported and managed by U.S. citizens only, and they must hold clearances, agency officials said.

DEA is not at the point of logging into the cloud just yet. The agency needs help from service providers to figure out its needs, according to Monday’s solicitation. "The objective of this proposed contract will be to establish a process for the contracting of specific tasks to support the cloud initiatives as identified by DEA, the development and publication of technical design and reference architecture," the notice states. "This synopsis is for information and planning purposes."

(Image via Maksim Kabakou/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.