recommended reading

Pentagon Denies Inadequately Vetting Defensewide Smartphone Security Service

A soldier checks an iPhone during a field exercise.

A soldier checks an iPhone during a field exercise. // Defense Department file photo

Pentagon officials defended the purchase of untested technology intended to secure government-issued consumer smartphones and tablets for 300,000 military personnel, insisting the manner in which the products will be deployed is unprecedented.

However, federal documents show that at least one other federal entity, the Agriculture Department, has embarked on a similar installation.

The Defense Information Systems Agency’s selection of a mobile device management system last month was not based on live demonstrations or reviews of vendors' past performance, Nextgov reported on Wednesday.  

Another reason for omitting trial runs was a need to simplify the procurement process, Defense Department officials said.

The purpose of the service is to prevent commercial devices, including iPhones, iPads and other popular electronics, from compromising military networks and information. 

Based on a “comprehensive evaluation, DISA is confident that the technology proposed will perform in the manner as proposed by the awardee and that the awardee is capable of working with DISA to establish this first-ever DoD Enterprise Mobility capability,” a Pentagon spokesman said in an email.

DISA tapped DMI to install a $16 million system developed by Fixmo and MobileIron over a three-year contract period. 

The spokesman said officials required "products that have a proven track record in the commercial sector.” Nowhere does the request for proposals state that product track records were a criterion in the evaluation. 

Drawing from market research and "DISA's expertise in this area," agency officials determined no service provider could claim having previous experience on a similar initiative, the Defense spokesman said. The service that the Pentagon needs is "unique in scale and functionality.”

So, "an evaluation scheme that focused on technical and cost, rather than past performance, would be the best method to compete this requirement,” he explained.

Mobile management technology basically works like a human help desk, remotely installing software, erasing lost smartphones and locking down settings. Defense’s service also includes software for secure email access and Web browsing, as well as an app store that will allow military personnel to search and download approved applications.

But the Pentagon might not be breaking new ground with the project. Last year, USDA officials announced a $20 million rollout of a mobile device management system, app store, and secure email access and browsing tools for the devices of up to 100,000 federal employees. 

Pockets of Defense are testing various devices and security management systems, the Pentagon spokesman acknowledged, but "it was unlikely that any current pilot efforts would be relevant to DISA's new, emerging requirement.” Also, it would take too much effort for companies to substantiate their prior accomplishments and for DISA to appraise those accomplishments. 

Eliminating the performance factor "allowed the government to shorten the procurement process and thus field critical capabilities in an expedited manner,” the spokesman said.

Defense officials say they incorporated feedback from industry last year in crafting the benchmarks used to vet contenders. They added that DISA did not receive any pre-award protests or complaints about the decision not to rate competitors on past performance.

Nor did the agency receive any post-award protests from contractors. None of the major Defense contractors that have billion dollar contracts under their belts contested the relatively small award. The subcontractors that developed the products were not eligible to protest.

Threatwatch Alert

Credential-stealing malware / User accounts compromised / Software vulnerability

Android Malware Infects More than 1M Phones, Adds 13,000 Devices a Day

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.