Pentagon Clarifies Biometrics Database Can Move to Any Secure Cloud, Not Just AWS


While the performance work statement namechecks a specific cloud provider and product, a subsequent amendment and Q&A clarify the Pentagon’s true intent.

The Defense Department announced plans in October to move its primary biometrics database wholesale to a cloud environment, namely Amazon Web Services’ GovCloud. However, a new update to the solicitation has broadened the scope of the migration contract to include other cloud service providers.

In an October request for information and subsequent performance work statement, program managers for the Automated Biometric Identification System, or ABIS, outlined requirements for shifting the entire program to cloud.

The current environment is split between DOD-owned, on-premise systems and AWS-hosted cloud backups. Under the latest effort, DOD plans to move the main operational environments to the cloud and begin a set of major capability improvements.

The solicitation posted to outlines the department’s plans for Biometric Enabling Capability Increment 1, the second phase of a program that got its start in 2007 with Increment 0, which resulted in the launch of ABIS v1.2 in 2014. Since that time, the program has upgraded ABIS to version 1.3 and established plans to expand the system with new capabilities and a cloud architecture that enables global access.

The system contains 18 million biometric identifier records—including face, fingerprint, iris and others—mostly associated with enemy combatants.

In the search for a vendor to manage the full cloud migration, the PWS cites the current cloud vendor—AWS—and in multiple instances refers to “GovCloud,” the name of an AWS’ cloud offering specifically tailored for government agencies.

“The contractor shall develop and execute a Cloud Transition Plan to migrate on-premise DOD ABIS to an IL5 certified GovCloud and the [non-production/development environment] to an IL2 certified GovCloud,” in a section titled “Transition DOD ABIS to the Cloud.”

Further, under the Operations and Sustainment task, the PWS requires offerors “operate and sustain DOD ABIS cloud operational environments—i.e. any environment that uses live biometrics data—in an IL5 GovCloud environment,” adding that “AWS is the current cloud provider used by” the product manager for the Biometrics Enabling Capability.

However, an amendment issued Nov. 19 told vendors that hosting in AWS will not be part of the requirement.

The amendment offered few details but pointed interested offerors to a forthcoming questions and answers document posted Nov. 20.

“Is there a specific technical justification for naming AWS throughout the requirement versus other accredited cloud providers?” the first question asks.

“No,” program managers responded. “The system integrator’s proposal will determine the cloud service provider. The government’s interest is in the best value proposition to meet the government’s requirements. The RFI Draft PWS Section,” quoted above, “accurately reflects the government’s position on the requirements for cloud services. The current system integrator subcontracted AWS as the CSP.”

This same sentiment and language are used to address similar questions throughout the Q&A doc, reiterating at times that “Amendment 0002 states that there is no brand name specification to only AWS.”

According to the Defense Information Systems Agency, five companies currently offer cloud infrastructure services at IL5: AWS GovCloud (high), IBM SmartCloud for Government (moderate), Microsoft Azure DOD (high), MilCloud 2.0 CSRA (high) and Oracle Cloud Infrastructure Government Cloud (moderate).

According to the Q&A doc, the first request for proposal is set “to be issued no sooner than” the third quarter of fiscal 2021.

The Nov. 19 amendment also pushed the response date for the RFI out to Dec. 4.