DISA seeks toolkit to implement a key piece of its zero trust framework

BlackJack3D/Getty Images

The Defense Department's information technology agency is asking for info on software products for a potential contract to support its Comply-to-Connect Program.

The Defense Information System Agency is looking for software tools to help provide its enterprise zero trust framework with a "capability of orchestration," according to a request for information released Monday. 

DISA officials want information about tools that can be applied to its Comply-to-Connect framework, a program consisting of multiple technologies geared toward standardizing defensive cyber operations across the DOD Information Network, or DODIN.

C2C aims to serve as a zero trust solution for the DODIN, capable of monitoring user activity across a range of endpoints, from physical and virtual workstations to mobile and Internet of Things devices. 

"By identifying the non-compliant and previously unidentified devices, DOD will be able to limit the access of these assets and mitigate risk in an automated fashion, which will significantly increase the security posture of the DODIN," the RFI said. "In addition, C2C will support segmentation of compliant devices based on device type, operational/functional impact, sensitivity and security risk." 

According to a DISA fact sheet, the framework — which began deployment in September 2020 for the Secret Internet Protocol Router Network, or SIPRNet, and in March 2021 for the Non-Secure Internet Protocol Router Network, or NIPRNet — is scheduled to be fully deployed by March 2024. The DISA C2C Program Management Office has provided licensing to San Jose, California-based software company Forescout since 2021.  

The RFI calls for software tools that can discover, identify, categorize, classify and profile all devices connecting to defense networks; authenticate those devices; have the capacity for automated remediation; be able to conduct network segmentation to limit user access; and be able to operate both in and out of band.

In addition to calls for how potential providers could meet the RFI's requirements, DISA also requested price estimates for the annual support of 2 million, 4 million and 7 million licenses.

The deadline for responses is May 5.