recommended reading

DISA charged with securing networks for all but two agencies

The Defense Information Systems Agency has been tapped to tighten up network security of all branches of the federal government except the State Department and the FBI, which have their own systems. The move is in response to the unauthorized release of hundreds of thousands of pages of Pentagon and State classified documents in 2010 and 2011 by the website WikiLeaks, the agency said.

Defense Secretary Leon Panetta on July 20 hinted at Pentagon assistance to other federal agencies to beef up security for their networks. DISA obliquely disclosed Monday in contract documents that it will function as the common service provider for the new public key infrastructure hardware tokens, certificates and services for federal classified and secret networks except those belonging to State and the FBI.

DISA made clear that the fallout from WikiLeaks’ disclosure of classified Defense Department documents and State cables is the reason for its broad new governmentwide network security role.

“In response to WikiLeaks, the Office of Management and Budget and the [21 agency] Committee for National Security Systems determined that all federal agencies that operate on the federal classified [or] Secret networks must implement a hardware-based PKI solution to protect their information and networks. The objective is to remove anonymity and improve the overall security of the federal Secret networks,” DISA said.

The agency added, “there is a sense of urgency to have all federal agencies using hardware tokens to access their networks and information as quickly as possible. Since DoD is already well on their way to implementing the DoD PKI SIPRNET [Secret Internet Protocol Router Network] token capability, it was decided that DoD would leverage its existing infrastructure to stand up a common service provider capability to all federal agencies except for Department of State and FBI, which already had their own systems. Because DISA is the operator of the DoD PKI, DISA will be the CSP for the federal agencies.”

DISA buried this information in a sole source justification document appended to a contract award, obscurely titled DISA PEO-MA Common Service Provider, posted on the Federal Business Opportunities website Monday.

The agency said it tapped Tangible Software Inc. of McLean VA, the Defense PKI contractor, to support PKI tokens and related security services governmentwide, as it is the only contractor with the requisite knowledge, experience and skills to accomplish the job. DISA awarded the company a contract valued at $8.9 million for one base year and two option years.

In its new role as the common security for most federal departments and agencies, DISA said, “token management capability and certificate authorities need to be significantly changed to reflect federal naming standards, add additional profiles and configurations for the other federal agencies, and provide the separation of the agencies within the registration and issuance process.”

As federal network common services provider, DISA said it will be responsible for operating the infrastructure to provide certificate life-cycle management to participating agencies, registration authorities services to support certificate issuance, overall management for smaller agencies, training and help desk support.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.