DISA deploys Secure Access File Exchange

In response to a DOD Chief Information Officer (CIO) directive, the Defense Information Systems Agency Services Development Directorate deployed Department of Defense Secure Access File Exchange (DOD SAFE) on August 15, DISA announced.

DOD SAFE, a replacement for the U.S. Army Aviation and Missile Research Development and Engineering Center (AMRDEC) Safe Access File Exchange (SAFE) slated to be retiring in August, will provide, at no cost, users with a DOD enterprise-wide method of securely transferring files.

“The service provides exceptional functionality to our active and reserve service members, DOD civil servants, eligible DOD contractor personnel, and even our federal mission partners,” said Brian Hermann, director, SDD. “Now when a DOD team member needs to send or receive a large file, they have a simple and secure method in which to do so.”

The file exchange will support transfer of files up to 8 gigabytes, an increase from the current 2 gigabyte limit, on the Non-classified Internet Protocol Router Network (NIPRNet). The service can be used to securely transfer unclassified data to include: For Official Use Only (FOUO), Personally Identifiable Information (PII) and Protected Health Information (PHI).

“DISA will bridge the capability gap as AMRDEC sunsets,” said Carey Burris, project manager, Defense Collaboration Service (DCS), who said that AMRDEC was initially designed for a much smaller user population.

“It was never intended to be the enterprise solution for DOD members that it turned into,” explained Sophie Johnson-Shapoval, a computer engineer with DCS. “We’re working with AMRDEC’s team to transition between the two services, and our goal is to provide an even better service.”

In addition to being able to transfer large files, DOD SAFE offer other upgrades, such as users being able to access their files for seven days, as opposed to the current two-day time limit with AMRDEC. Users are also able to download the files multiple times and send up to 25 files at once. Users outside of DOD may notice lengthy download and upload times depending on their bandwidth availability, but DISA will work to continually improve the experience for all users.

“Most importantly, we’ve improved file transfer security,” said Johnson-Shapoval. To ensure files are secure, DOD SAFE offers optional package level encryption. This means files are encrypted “at rest,” explained Jeanelle Holder, an electronics engineer with DISA’s Emerging Technologies Division.

“Encryption at rest means users’ files are encrypted, or converted into a code, to prevent unauthorized access both at their workstation, and in transit,” she said. “It’s enhanced protection of data.”

In addition to package level encryption, DOD SAFE is also improving security by requiring authenticated Common Access Card (CAC) users, who are the main user base of DoD SAFE, to initiate all file transfers.

“Files from those who do not hold a CAC cannot be sent unilaterally,” said Holder. “Guest users can only send solicited packages, which means that someone who does have a CAC has requested they send the file. This prevents files and systems from being corrupted by someone nefariously, or accidentally, sending a virus or something similar.”

With a deadline from DOD CIO to complete the program in six months, DoD SAFE was based on an open source code, which was further reviewed, refined and hardened to meet DOD’s security requirements.

“Using open source code and software meant that we were able to develop the file transfer program quickly and more securely than if we had done it all in-house,” said Johnson-Shapoval. “The code has been vetted for issues and bugs already, and we simply apply security settings to improve it further for our mission.”

Collaborating with public sources for the code used in the project was just the beginning of the teamwork that transpired during the project, said Burris.

Source: DISA